{ "schema_version": "1.7.0", "id": "MGASA-2015-0012", "published": "2015-01-07T16:32:10Z", "modified": "2015-01-07T16:24:59Z", "summary": "Updated ettercap packages fix security vulnerabilities", "details": "Updated ettercap package fixes security vulnerabilities:\n\nHeap-based buffer overflow in the dissector_postgresql function in\ndissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to\ncause a denial of service or possibly execute arbitrary code via a crafted\npassword length value that is inconsistent with the actual length of the\npassword (CVE-2014-6395).\n\nThe dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap\nbefore 8.1 allows remote attackers to cause a denial of service and possibly\nexecute arbitrary code via a crafted password length, which triggers a 0\ncharacter to be written to an arbitrary memory location (CVE-2014-6396).\n\nInteger underflow in Ettercap 8.1 allows remote attackers to cause a denial\nof service (out-of-bounds write) and possibly execute arbitrary code via a\nsmall size variable value in the dissector_dhcp function in\ndissectors/ec_dhcp.c, length value to the dissector_gg function in\ndissectors/ec_gg.c, or string length to the get_decode_len function in\nec_utils.c or a request without a username or password to the\ndissector_TN3270 function in dissectors/ec_TN3270.c (CVE-2014-9376).\n\nHeap-based buffer overflow in the nbns_spoof function in\nplug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to\ncause a denial of service or possibly execute arbitrary code via a large\nnetbios packet (CVE-2014-9377).\n\nEttercap 8.1 does not validate certain return values, which allows remote\nattackers to cause a denial of service (crash) or possibly execute arbitrary\ncode via a crafted name to the parse_line function in mdns_spoof/mdns_spoof.c\nor base64 encoded password to the dissector_imap function in\ndissectors/ec_imap.c (CVE-2014-9378).\n\nThe radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1\nperforms an incorrect cast, which allows remote attackers to cause a denial\nof service (crash) or possibly execute arbitrary code via unspecified\nvectors, which triggers a stack-based buffer overflow (CVE-2014-9379).\n\nThe dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows\nremote attackers to cause a denial of service (out-of-bounds read) via a\npacket containing only a CVS_LOGIN signature (CVE-2014-9380).\n\nInteger signedness error in the dissector_cvs function in dissectors/ec_cvs.c\nin Ettercap 8.1 allows remote attackers to cause a denial of service (crash)\nvia a crafted password, which triggers a large memory allocation\n(CVE-2014-9381).\n", "upstream": [ "CVE-2014-6395", "CVE-2014-6396", "CVE-2014-9376", "CVE-2014-9377", "CVE-2014-9378", "CVE-2014-9379", "CVE-2014-9380", "CVE-2014-9381" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0012.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=14919" }, { "type": "ADVISORY", "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "ettercap", "purl": "pkg:rpm/mageia/ettercap?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.8.0-3.1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }