SB2014121903 - Multiple vulnerabilities in ettercap.sourceforge.net Ettercap

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2014-9381)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.

2) Buffer overflow (CVE-ID: CVE-2014-9380)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.

3) Stack-based buffer overflow (CVE-ID: CVE-2014-9379)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the radius_get_attribute function in dissectors/ec_radius.c when processing unspecified vectors, which triggers a stack-based buffer overflow. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Input validation error (CVE-ID: CVE-2014-9378)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c.

5) Input validation error (CVE-ID: CVE-2014-9376)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c.

6) Heap-based buffer overflow (CVE-ID: CVE-2014-9377)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1. A remote attacker can use a large netbios packet. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• http://www.securityfocus.com/archive/1/534248/100/0/threaded
• http://www.securityfocus.com/bid/71693
• https://github.com/Ettercap/ettercap/pull/609
• https://security.gentoo.org/glsa/201505-01
• https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
• http://www.securityfocus.com/bid/71691
• https://github.com/Ettercap/ettercap/pull/608
• http://www.securityfocus.com/bid/71698
• https://github.com/Ettercap/ettercap/pull/607
• http://www.securityfocus.com/bid/71695
• https://github.com/Ettercap/ettercap/pull/604
• https://github.com/Ettercap/ettercap/pull/610
• http://www.securityfocus.com/bid/71696
• https://github.com/Ettercap/ettercap/pull/602
• https://github.com/Ettercap/ettercap/pull/605
• https://github.com/Ettercap/ettercap/pull/606
• http://www.securityfocus.com/bid/71690
• https://github.com/Ettercap/ettercap/pull/603