ettercap: CVE-2017-6430: Out-of-bounds read in etterfilter utility

Related Vulnerabilities: CVE-2017-6430  

Debian Bug report logs - #857035

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 7 Mar 2017 12:15:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version ettercap/1:0.8.1-3

Fixed in version ettercap/1:0.8.2-4

Done: Gianfranco Costamagna <locutusofborg@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/Ettercap/ettercap/issues/782



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#857035; Package src:ettercap. (Tue, 07 Mar 2017 12:15:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Barak A. Pearlmutter <bap@debian.org>. (Tue, 07 Mar 2017 12:15:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ettercap: CVE-2017-6430: Out-of-bounds read in etterfilter utility
Date: Tue, 07 Mar 2017 13:11:30 +0100
Source: ettercap
Version: 1:0.8.1-3
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/Ettercap/ettercap/issues/782

Hi,

the following vulnerability was published for ettercap.

CVE-2017-6430[0]:
Out-of-bounds read in etterfilter utility

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6430
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6430
[1] https://github.com/Ettercap/ettercap/issues/782

Regards,
Salvatore



Reply sent to Gianfranco Costamagna <locutusofborg@debian.org>:
You have taken responsibility. (Tue, 07 Mar 2017 21:09:09 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 07 Mar 2017 21:09:09 GMT)


Message #10 received at 857035-close@bugs.debian.org:

From: Gianfranco Costamagna <locutusofborg@debian.org>
To: 857035-close@bugs.debian.org
Subject: Bug#857035: fixed in ettercap 1:0.8.2-4
Date: Tue, 07 Mar 2017 21:04:59 +0000
Source: ettercap
Source-Version: 1:0.8.2-4

We believe that the bug you reported is fixed in the latest version of
ettercap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 857035@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gianfranco Costamagna <locutusofborg@debian.org> (supplier of updated ettercap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 07 Mar 2017 20:27:49 +0100
Source: ettercap
Binary: ettercap-common ettercap-text-only ettercap-graphical ettercap-dbg
Architecture: source
Version: 1:0.8.2-4
Distribution: unstable
Urgency: high
Maintainer: Barak A. Pearlmutter <bap@debian.org>
Changed-By: Gianfranco Costamagna <locutusofborg@debian.org>
Description:
 ettercap-common - Multipurpose sniffer/interceptor/logger for switched LAN
 ettercap-dbg - Debug symbols for Ettercap
 ettercap-graphical - Ettercap GUI-enabled executable
 ettercap-text-only - Ettercap console-mode executable
Closes: 790405 857035
Changes:
 ettercap (1:0.8.2-4) unstable; urgency=high
 .
   * debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch:
     - upstream fix for CVE-2017-6430 (Closes: #857035)
   * Remove mips64el luajit-5.1-dev to allow build here (Closes: #790405)
     (and reorder, as well as removing sparc)
   * Add luajit-5.1-dev to hurd




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 07 Apr 2017 07:26:44 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:13:50 2019; Machine Name: buxtehude
