Bug 1174820 (CVE-2014-6395, CVE-2014-6396, CVE-2014-9376, CVE-2014-9377, CVE-2014-9378, CVE-2014-9379, CVE-2014-9380, CVE-2014-9381)

Summary: CVE-2014-6395 CVE-2014-6396 CVE-2014-9376 CVE-2014-9377 CVE-2014-9378 CVE-2014-9379 CVE-2014-9380 CVE-2014-9381 ettercap: multiple vulnerabilities
Product: [Other] Security Response Reporter: Martin Prpič <mprpic>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gwync
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:37:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1174821, 1174822, 1174823    
Bug Blocks:    

Description Martin Prpič 2014-12-16 14:36:32 UTC 
The following vulnerabilities have been reported in ettercap:

Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified:

- A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql() which may lead to remote code execution or denial of service.

- An arbitary write of zero in to any location at ettercap 8.0 dissector_postgresql

- A negative index/underflow at ettercap 8.1 dissector_dhcp() which may lead to denial of service

- A heap overflow at ettercap 8.1 nbns_spoof() plugin which may lead to remote code execution or denial of service.

- An unchecked return value at ettercap 8.1 mdns_spoof() plugin which may lead to remote denial of service.

- A negative index/underflow at ettercap 8.1 dissector_TN3270

- A negative index/underflow at ettercap 8.1 dissector_gg

- A negative index/underflow at ettercap 8.1 get_decode_len()

- An incorrect cast at ettercap 8.1 dissector_radius which may lead to remote code execution or denial of service.

- A buffer over-read at ettercap 8.1 dissector_cvs which may lead to denial of service

- A signedness error at ettercap 8.1 dissector_cvs

- An unchecked return value at ettercap 8.1 dissector_imap which may lead to denial of service

The following CVEs have been assigned:

CVE-2014-6395: Length Parameter Inconsistency
CVE-2014-6396: Arbitary write
CVE-2014-9376: Negative index/underflow
CVE-2014-9377: Heap overflow
CVE-2014-9378: Unchecked return value
CVE-2014-9379: Incorrect cast
CVE-2014-9380: Buffer over-read
CVE-2014-9381: Signedness error

The patches are linked to in the following advisory:

https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
Comment 1 Martin Prpič 2014-12-16 14:37:37 UTC 
Created ettercap tracking bugs for this issue:

Affects: fedora-all [bug 1174821]
Affects: epel-5 [bug 1174822]
Affects: epel-6 [bug 1174823]
Comment 2 Product Security DevOps Team 2019-06-08 02:37:11 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.