The following vulnerabilities have been reported in ettercap:

Twelve vulnerabilities exist in ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified:

- A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql() which may lead to remote code execution or denial of service.
- An arbitrary write of zero into any location at ettercap 8.0 dissector_postgresql
- A negative index/underflow at ettercap 8.1 dissector_dhcp() which may lead to denial of service
- A heap overflow at ettercap 8.1 nbns_spoof() plugin which may lead to remote code execution or denial of service.
- An unchecked return value at ettercap 8.1 mdns_spoof() plugin which may lead to remote denial of service.
- A negative index/underflow at ettercap 8.1 dissector_TN3270
- A negative index/underflow at ettercap 8.1 dissector_gg
- A negative index/underflow at ettercap 8.1 get_decode_len()
- An incorrect cast at ettercap 8.1 dissector_radius which may lead to remote code execution or denial of service.
- A buffer over-read at ettercap 8.1 dissector_cvs which may lead to denial of service
- A signedness error at ettercap 8.1 dissector_cvs
- An unchecked return value at ettercap 8.1 dissector_imap which may lead to denial of service

The following CVEs have been assigned:

CVE-2014-6395: Length Parameter Inconsistency
CVE-2014-6396: Arbitrary write
CVE-2014-9376: Negative index/underflow
CVE-2014-9377: Heap overflow
CVE-2014-9378: Unchecked return value
CVE-2014-9379: Incorrect cast
CVE-2014-9380: Buffer over-read
CVE-2014-9381: Signedness error

The patches are linked to in the following advisory:

https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/

Created ettercap tracking bugs for this issue:

Affects: fedora-all [bug 1174821]
Affects: epel-5 [bug 1174822]
Affects: epel-6 [bug 1174823]

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.