Obrela Security Industries Advisory (OSI-1402)
Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified:
- A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql() which may lead to remote code execution or denial of service.
- An arbitrary write of zero in to any location at ettercap 8.0 dissector_postgresql
- A negative index/underflow at ettercap 8.1 dissector_dhcp() which may lead to denial of service
- A heap overflow at ettercap 8.1 nbns_spoof() plugin which may lead to remote code execution or denial of service.
- An unchecked return value at ettercap 8.1 mdns_spoof() plugin which may lead to remote denial of service.
- A negative index/underflow at ettercap 8.1 dissector_TN3270
- A negative index/underflow at ettercap 8.1 dissector_gg
- A negative index/underflow at ettercap 8.1 get_decode_len()
- An incorrect cast at ettercap 8.1 dissector_radius which may lead to remote code execution or denial of service.
- A buffer over-read at ettercap 8.1 dissector_cvs which may lead to denial of service
- A signedness error at ettercap 8.1 dissector_cvs
- An unchecked return value at ettercap 8.1 dissector_imap which may lead to denial of service
Nick Sampanis (n.sampanis[a t]obrela[do t]com)
Length Parameter Inconsistency CVE-2014-6395
Arbitrary write CVE-2014-6396
Negative index/underflow CVE-2014-9376
Heap overflow CVE-2014-9377
Unchecked return value CVE-2014-9378
Incorrect cast CVE-2014-9379
Buffer over-read CVE-2014-9380
Singleness error CVE-2014-9381
Bugs and fixes submit date
10/09/2014 and 03/11/2014
Solution - fix & patch
Download the latest ettercap. Download the respective commits from github. Soon a new version will be released but at the time there is no patched version.