
Re: [DEBIAN-LTS] ettercap package



Hi *,

Nope, you seem to be modifying other patches rather than only what is strictly necessary to fix this bug.

Moreover, the patch is lacking a CVE description (actually the patch is fixing two CVEs, and the
description mentions only one).

(There is also no need to mention me; I'm not the author of the patch, nor of the debdiff :) )

Also, the patch "subject" might not really be needed. I leave Raphael to review the rest :)


I propose something like this instead.
(note the patch might not apply at all, I manually changed it)

diff -u ettercap-0.7.3/debian/changelog ettercap-0.7.3/debian/changelog
--- ettercap-0.7.3/debian/changelog
+++ ettercap-0.7.3/debian/changelog
@@ -1,3 +1,16 @@
+ettercap (1:0.7.3-2.1+squeeze2) squeeze-lts; urgency=medium
+
+  * Non-maintainer upload.
+   * Patch a bunch of security vulnerabilities (closes: #773416)
+     - CVE-2014-9380 (Buffer over-read)
+     - CVE-2014-9381 (Signedness error)
+     See:
+     https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
+     Patches taken from upstream
+     - 6b196e011fa456499ed4650a360961a2f1323818 pull/608
+     - 31b937298c8067e6b0c3217c95edceb983dfc4a2 pull/609
+     Thanks to Nick Sampanis <n.sampanis@obrela.com> who is responsible for
+     both finding and repairing these issues.
+
+ -- Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>  Tue, 23 Dec 2014 09:44:32 +0700
+
ettercap (1:0.7.3-2.1+squeeze1) stable; urgency=high

* Quilt patch for CVE-2013-0722, a stack-based buffer overflow when
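
Review bot: the second bullet of the new entry, "   * Patch a bunch of security vulnerabilities (closes: #773416)", is indented three spaces while "  * Non-maintainer upload." above it uses two, so the two top-level items do not line up; use two spaces before the "*" and indent the CVE, "See:" and upstream-commit sub-items consistently under it. The header "@@ -1,3 +1,16 @@" also counts only the 16 added lines and not the three context lines that follow them, so the debdiff should be regenerated rather than hand-edited before upload.
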
diff -u ettercap-0.7.3/debian/patches/series ettercap-0.7.3/debian/patches/series
--- ettercap-0.7.3/debian/patches/series
+++ ettercap-0.7.3/debian/patches/series
@@ -3,0 +4 @@
+04_CVE-2014-9380-9381.patch
--- ettercap-0.7.3.orig/debian/patches/04_CVE-2014-9380-9381.patch
+++ ettercap-0.7.3/debian/patches/04_CVE-2014-9380-9381.patch
@@ -0,0 +1,35 @@
+From: Nick Sampanis <n.sampanis@obrela.com> 
+Subject: Re: Bug#773416: fixed in ettercap 1:0.8.1-3
+Date: Mon, 22 Dec 2014 10:22:56 +0000 (UTC)
+
+The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 
+allows remote attackers to cause a denial of service (out-of-bounds 
+read) via a packet containing only a CVS_LOGIN signature.
+
+Integer signedness error in the dissector_cvs function in
+dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause
+a denial of service (crash) via a crafted password, which triggers
+a large memory allocation. 
+See Debian Bug #773416#20
+
+--- a/src/dissectors/ec_cvs.c
++++ b/src/dissectors/ec_cvs.c
+@@ -70,7 +70,7 @@ FUNC_DECODER(dissector_cvs)
+ {
+    DECLARE_DISP_PTR_END(ptr, end);
+    char tmp[MAX_ASCII_ADDR_LEN];
+-   char *p;
++   u_char *p;
+    size_t i;
+ 
+    /* don't complain about unused var */
+@@ -92,6 +92,8 @@ FUNC_DECODER(dissector_cvs)
+ 
+    /* move over the cvsroot path */
+    ptr += strlen(CVS_LOGIN) + 1;
++	if (ptr >= end)
++		return NULL;
+ 
+    /* go until \n */
+    while(*ptr != '\n' && ptr != end) ptr++;
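
Review bot: in the second ec_cvs.c hunk, the context line "while(*ptr != '\n' && ptr != end) ptr++;" still dereferences *ptr before comparing ptr with end, so once the loop advances ptr to end it reads one byte past the buffer even with the new "if (ptr >= end) return NULL;" guard; testing the bound first ("ptr != end && *ptr != '\n'") would close that, if going beyond the upstream commits is acceptable for this upload. Smaller points: the two added lines are tab-indented while the surrounding code uses three spaces; the description says "Ettercap 8.1" where the Subject line gives the version as 0.8.1; and the header "@@ -0,0 +1,35 @@" declares 35 lines for the new file while 34 are shown.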


cheers,

and Merry XMas,

Gianfranco

