thr3ads.net - Secure testing team - [Secure-testing-team] ettercap: [CAN-2005-1796] buffer overflow in ec

If this information is useful, please help other people find it:
Share via:

Roger Leigh

2006-Mar-13 12:28 UTC

[Secure-testing-team] ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

Just FYI, CAN-2005-1796 (Debian bug #311615) was fixed with ettercap
(1:0.7.1-1.1) in unstable.  It has yet to reach testing.  If it
doesn''t make it before the release, it will presumably need to be
rebuilt as a stable security update.


Regards,
Roger

- -- 
Roger Leigh
                Printing on GNU/Linux?  http://gimp-print.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFCn0YbVcFcaSW/uEgRAuY7AKDK+wciFxBux9t0tCHRqWBtICwfMACfW3WV
a1qBv0sB3KQh/oqD70wgTV4=cZoq
-----END PGP SIGNATURE-----

Ulf Harnhammar

2006-Mar-13 12:28 UTC

head link

[Secure-testing-team] Re: ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c

On Sat, Jul 09, 2005 at 02:58:23PM +0100, Roger Leigh
wrote:> > Just FYI, CAN-2005-1796 (Debian bug #311615) was fixed with ettercap
>  
> -   wdg_scroll_print(sysmsg_win, EC_COLOR, (char *)msg);
> +   wdg_scroll_print(sysmsg_win, EC_COLOR, "%s", (char *)msg);
This looks like a typical format string bug and not a buffer overflow.
cve.mitre.org describes it that way as well.

// Ulf

Roger Leigh

2006-Mar-13 12:28 UTC

head link

[Secure-testing-team] Re: ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c

On Thu, Jun 02, 2005 at 06:47:17PM +0100, Roger Leigh
wrote:> 
> Just FYI, CAN-2005-1796 (Debian bug #311615) was fixed with ettercap
> (1:0.7.1-1.1) in unstable.  It has yet to reach testing.  If it
> doesn''t make it before the release, it will presumably need to be
> rebuilt as a stable security update.
It''s now five weeks later.  Has anything yet been done with this?

As before, the packages for testing-security are available here:

http://people.debian.org/~rleigh/ettercap-sarge/

I can rebuild and upload them to stable-security if you like, or
you can just rebuild them yourselves if you prefer.

The only change, besides the changelog update, is:

--- ettercap-0.7.1.orig/src/interfaces/curses/ec_curses.c
+++ ettercap-0.7.1/src/interfaces/curses/ec_curses.c
@@ -172,7 +172,7 @@
    if (sysmsg_win == NULL)
       return;
 
-   wdg_scroll_print(sysmsg_win, EC_COLOR, (char *)msg);
+   wdg_scroll_print(sysmsg_win, EC_COLOR, "%s", (char *)msg);
  }

taken by diffing upstream releases.


Regards,
Roger

-- 
Roger Leigh
                Printing on GNU/Linux?  http://gimp-print.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050709/39ecadfe/attachment.pgp

Secure testing team - Mar 2006 - ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c

[Secure-testing-team] ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c

[Secure-testing-team] Re: ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c

[Secure-testing-team] Re: ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c