Roger Leigh
2006-Mar-13 12:28 UTC
[Secure-testing-team] ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c
Hi folks,

Just FYI, CAN-2005-1796 (Debian bug #311615) was fixed with ettercap (1:0.7.1-1.1) in unstable. It has yet to reach testing. If it doesn't make it before the release, it will presumably need to be rebuilt as a stable security update.

Regards,
Roger

--
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
Ulf Harnhammar
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c
On Sat, Jul 09, 2005 at 02:58:23PM +0100, Roger Leigh wrote:
>
> Just FYI, CAN-2005-1796 (Debian bug #311615) was fixed with ettercap
> > - wdg_scroll_print(sysmsg_win, EC_COLOR, (char *)msg); > + wdg_scroll_print(sysmsg_win, EC_COLOR, "%s", (char *)msg);

This looks like a typical format string bug and not a buffer overflow. cve.mitre.org describes it that way as well.

// Ulf
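The distinction drawn in the reply above, as an added example that is not part of the original thread or of ettercap's code: `scroll_print` is a hypothetical stand-in for a printf-style helper such as `wdg_scroll_print`, and the sample message is constructed (it contains only `%%`, so both calls are well defined). It shows that the pre-fix call parses the message as a format while the `"%s"` form treats it as data, plus a small check for conversions in an untrusted string.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style UI helper: renders fmt and
 * its arguments into out. */
static void scroll_print(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Pre-fix pattern: the message itself is used as the format string. */
void show_unpatched(char *out, size_t n, const char *msg)
{
    scroll_print(out, n, msg);
}

/* Post-fix pattern: constant format, message passed as data. */
void show_patched(char *out, size_t n, const char *msg)
{
    scroll_print(out, n, "%s", msg);
}

/* Count '%' sequences printf would act on as conversions. "%%" is a
 * literal percent; any other '%' makes the string unsafe as a format. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* literal percent */
        else
            count++;        /* conversion, or a dangling '%' */
    }
    return count;
}

int main(void)
{
    const char *msg = "dropped 50%% of packets";   /* constructed sample */
    char a[64], b[64];
    show_unpatched(a, sizeof a, msg);
    show_patched(b, sizeof b, msg);
    printf("unpatched: %s\npatched:   %s\n", a, b);
    return 0;
}
```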
Roger Leigh
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c
On Thu, Jun 02, 2005 at 06:47:17PM +0100, Roger Leigh wrote:
>
> Just FYI, CAN-2005-1796 (Debian bug #311615) was fixed with ettercap
> (1:0.7.1-1.1) in unstable. It has yet to reach testing. If it
> doesn't make it before the release, it will presumably need to be
> rebuilt as a stable security update.

It's now five weeks later. Has anything yet been done with this?

As before, the packages for testing-security are available here:
http://people.debian.org/~rleigh/ettercap-sarge/

I can rebuild and upload them to stable-security if you like, or you can just rebuild them yourselves if you prefer. The only change, besides the changelog update, is:

--- ettercap-0.7.1.orig/src/interfaces/curses/ec_curses.c +++ ettercap-0.7.1/src/interfaces/curses/ec_curses.c @@ -172,7 +172,7 @@ if (sysmsg_win == NULL) return; - wdg_scroll_print(sysmsg_win, EC_COLOR, (char *)msg); + wdg_scroll_print(sysmsg_win, EC_COLOR, "%s", (char *)msg); }

taken by diffing upstream releases.

Regards,
Roger

--
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
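Review bot: The removed line in the ec_curses.c hunk passed msg as the format argument of wdg_scroll_print, so this should be described as a format string fix rather than the buffer overflow named in the subject line. The "%s" form on the added line is the right correction. Two follow-ups are worth making before upload: check the other wdg_scroll_print call sites for a non-literal third argument, and consider declaring wdg_scroll_print with the GCC printf format attribute (format at position 3, first variadic argument at 4, going by the argument order visible here) so that -Wformat-security flags any remaining cases. The (char *) cast on msg is carried over to the new line; if msg is already a character pointer it can be dropped.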