"Ettercap 8.0 - 8.1" multiple vulnerabilities Description ------------------------------------------------------------ Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified: - A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql() which may lead to remote code execution or denial of service. - An arbitary write of zero in to any location at ettercap 8.0 dissector_postgresql - A negative index/underflow at ettercap 8.1 dissector_dhcp() which may lead to denial of service - A heap overflow at ettercap 8.1 nbns_spoof() plugin which may lead to remote code execution or denial of service. - An unchecked return value at ettercap 8.1 mdns_spoof() plugin which may lead to remote denial of service. - A negative index/underflow at ettercap 8.1 dissector_TN3270 - A negative index/underflow at ettercap 8.1 dissector_gg - A negative index/underflow at ettercap 8.1 get_decode_len() - An incorrect cast at ettercap 8.1 dissector_radius which may lead to remote code execution or denial of service. - A buffer over-read at ettercap 8.1 dissector_cvs which may lead to denial of service - A signedness error at ettercap 8.1 dissector_cvs - An unchecked return value at ettercap 8.1 dissector_imap which may lead to denial of service Researcher ------------------------------------------------------------ Nick Sampanis (n.sampanis[a t]obrela[do t]com) Vulnerabilities ------------------------------------------------------------ Length Parameter Inconsistency CVE-2014-6395 Arbitary write CVE-2014-6396 Negative index/underflow CVE-2014-9376 Heap overflow CVE-2014-9377 Unchecked return value CVE-2014-9378 Incorrect cast CVE-2014-9379 Buffer over-read CVE-2014-9380 Signedness error CVE-2014-9381 Bugs and fixes submit date ------------------------------------------------------------ 10/09/2014 and 03/11/2014 Solution - fix & patch ------------------------------------------------------------ Download the latest ettercap. Download the respective commits from github. Soon a new version will be released but at the time there is no patched version. https://github.com/NickSampanis/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a https://github.com/NickSampanis/ettercap/commit/103f16582ee88341a6a610378011781cdc866b0c https://github.com/NickSampanis/ettercap/commit/3f0c582826095c722ab6fbf91518282a765a0b68 https://github.com/NickSampanis/ettercap/commit/cb7b2028dc03c628aa0a1a5130ca41421ddebcb2 https://github.com/NickSampanis/ettercap/commit/edd337d5d4f37ab8e330c5e067344dd5b3f10435 https://github.com/NickSampanis/ettercap/commit/37dcfdf79e1ac6dcacd565894cd7717aa0224164 https://github.com/NickSampanis/ettercap/commit/c2a3c99af956146570d7883e4b540b9d0c0a3c46 https://github.com/NickSampanis/ettercap/commit/6b196e011fa456499ed4650a360961a2f1323818 https://github.com/NickSampanis/ettercap/commit/31b937298c8067e6b0c3217c95edceb983dfc4a2 https://github.com/NickSampanis/ettercap/commit/9e9fdc7ed1ee8eba01a5a05e000b6c55d2a70923 Reference: ------------------------------------------------------------ https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/