Bug 894092 - (CVE-2013-0722) CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Assigned To: Red Hat Product Security
Whiteboard: impact=low,public=20130107,reported=2...
Keywords: Security
Depends On: 894094 894096
Reported: 2013-01-10 11:55 EST by Vincent Danen
Modified: 2016-03-04 05:47 EST (History)

Fixed In Version: ettercap 0.7.5.2
Doc Type: Bug Fix
Last Closed: 2013-02-05 16:51:56 EST


Attachments: None
Description Vincent Danen 2013-01-10 11:55:23 EST
A stack-based buffer overflow was reported [1],[2] in Ettercap <= 0.7.5.1.  A boundary error within the scan_load_hosts() function (in src/ec_scan.c), when parsing entries from a hosts list, could be exploited to cause a stack-based buffer overflow via an overly long entry.  In order to exploit this, a user must be tricked into loading a malicious host file.

This has not yet been corrected upstream, but a proposed patch is available [3].

The initial report [1] indicates that this was given the name CVE-2012-0722.

[1] http://www.exploit-db.com/exploits/23945/
[2] https://secunia.com/advisories/51731/
[3] http://www.securation.com/files/2013/01/ec.patch
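The bug class the description names, as an added illustration that is not ettercap's code: a constructed hosts-list line parser whose fixed stack buffer is filled by an unbounded copy, beside a bounded replacement that rejects over-long entries. The "<ip> <mac> <name>" line format, the buffer sizes and the function names are assumptions made for this example.

```c
/* Added example, not ettercap's code: a hosts-list line parser showing the
 * bug class in the report (fixed stack buffer filled by an unbounded copy)
 * beside a bounded version. The "<ip> <mac> <name>" line format and all
 * buffer sizes are assumptions made for this illustration. */
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64 /* constructed size of the fixed name buffer */

struct host_entry { char ip[16]; char mac[18]; char name[MAX_NAME]; };

/* Vulnerable pattern: "%s" carries no width limit, so a name field longer
 * than MAX_NAME-1 bytes is written past the stack buffer 'name'. Kept only
 * to contrast with the bounded parser below; never used on untrusted input. */
int parse_host_line_unsafe(const char *line, struct host_entry *out)
{
    char ip[16], mac[18], name[MAX_NAME];
    if (sscanf(line, "%s %s %s", ip, mac, name) != 3)
        return -1;
    strcpy(out->ip, ip); strcpy(out->mac, mac); strcpy(out->name, name);
    return 0;
}

/* Copy one whitespace-delimited token into dst; tokens that would not fit
 * are rejected rather than truncated. *p advances past the token on success. */
static int copy_token(const char **p, char *dst, size_t dstlen)
{
    const char *s = *p;
    while (*s == ' ' || *s == '\t')
        s++;
    size_t n = strcspn(s, " \t\r\n");
    if (n == 0 || n >= dstlen)
        return -1;
    memcpy(dst, s, n);
    dst[n] = '\0';
    *p = s + n;
    return 0;
}

/* Hardened parser: each field is bounded by its destination size, so an
 * over-long entry in a hosts file produces an error, not a stack overflow. */
int parse_host_line_safe(const char *line, struct host_entry *out)
{
    const char *p = line;
    if (copy_token(&p, out->ip, sizeof out->ip) ||
        copy_token(&p, out->mac, sizeof out->mac) ||
        copy_token(&p, out->name, sizeof out->name))
        return -1;
    return 0;
}
```

Rejecting rather than truncating matters: a silently shortened hostname would still load, and the hosts list would then differ from the file the user believed they loaded.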
Comment 1 Vincent Danen 2013-01-10 11:58:33 EST
Created ettercap tracking bugs for this issue

Affects: fedora-all [bug 894094]
Affects: epel-all [bug 894096]
Comment 2 Vincent Danen 2013-01-11 16:57:44 EST
This was meant to be CVE-2013-0722, not a 2012 CVE.
Comment 3 Gianfranco 2013-01-23 17:00:53 EST
This has been fixed upstream; you can cherry-pick the patch or wait for the next tag.

The new version will bring many bug fixes, including this one.
Comment 4 Agostino Sarubbo 2013-01-29 07:29:28 EST
0.7.5.2 fixes this issue.
Comment 5 Gwyn Ciesla 2013-01-29 09:22:05 EST
When is it going to be released?
Comment 6 Agostino Sarubbo 2013-01-29 09:29:32 EST
(In reply to comment #5)
> When is it going to be released?

https://github.com/Ettercap/ettercap/archive/v0.7.5.2.tar.gz
Comment 7 Gwyn Ciesla 2013-01-29 09:46:29 EST
Ah, I see.  It's not on the website. :)
Comment 8 Gianfranco 2013-01-30 02:55:34 EST
Please don't update to 0.7.5.2 unless you patch the include/ec_version.h file!

It is still in the old version; I think we will release 0.7.5.3 soon.
Comment 9 Gwyn Ciesla 2013-01-30 09:07:24 EST
Ok, my build failed for some reason anyway, please let me know as soon as 0.7.5.3 is out.
Comment 10 Agostino Sarubbo 2013-01-30 10:39:45 EST
(In reply to comment #9)
> Ok, my build failed for some reason anyway, please let me know as soon as
> 0.7.5.3 is out.

It doesn't fail here (on Gentoo); what's your problem?
Comment 11 Gwyn Ciesla 2013-01-30 11:17:50 EST
I was fine locally and in mock, but failed in koji in rawhide.  Investigating.  Might have been temporary rawhide brokenness.
Comment 12 Gwyn Ciesla 2013-01-30 11:52:48 EST
I wasn't requiring groff for the build, I fixed it, it's fine now.
Comment 13 Gianfranco 2013-01-30 17:01:00 EST
The problem for 0.7.5.2 is only cosmetic: ec_include.h defines the version as 0.7.5.1, so just the menu title is not updated, not really a bug :))
Which kind of error do you receive?
Comment 14 Gwyn Ciesla 2013-02-01 09:43:15 EST
Nothing, when groff is present.
Comment 15 Gianfranco 2013-02-01 10:30:56 EST
I don't know what groff means... :-) BTW ettercap 0.7.5.3 is out, just two minor fixes about versioning and a Fedora bug fixed upstream.
Comment 16 Gwyn Ciesla 2013-02-01 10:31:55 EST
Excellent, thanks!
Comment 17 Vincent Danen 2013-02-05 16:51:56 EST
This has been fixed now via:

ettercap-0.7.5-3.fc16.1.20120906gitc796e5
ettercap-0.7.5-4.fc17.1.20120906gitc796e5
ettercap-0.7.5.1-1.fc18

and:

ettercap-0.7.3-21.el5
ettercap-0.7.5-3.el6.1.20120906gitc796e5
