0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Ettercap 0.8.2 Etterfilter Out-Of-Bounds Read Vulnerability
Author
Risk
[
Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
Document Title: =============== CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility Vendor: ======= Ettercap (http://ettercap.github.io/ettercap/) Product and Versions Affected: ============================== Etterfilter 0.8.2 and possibly prior. Vulnerability Type: =================== Denial-of-Service CVE Reference: ============== CVE-2017-6430 Vulnerability Details: ====================== Etterfilter utility of Ettercap have an out-of-bounds read denial-of-service vulnerability when parsing a crafted file. This occurs in the compile_tree function of the ef_compiler.c source file when processing corrupted filters. Valgrind Output: ================ raras@ubuntu:~/Desktop$ valgrind etterfilter ~/Desktop/crash ==25860== Memcheck, a memory error detector ==25860== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==25860== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info ==25860== Command: etterfilter /home/raras/Desktop/crash ==25860== etterfilter 0.8.2 copyright 2001-2015 Ettercap Development Team 14 protocol tables loaded: DECODED DATA udp tcp esp gre icmp ipv6 ip arp wifi fddi tr eth 13 constants loaded: VRRP OSPF GRE UDP TCP ESP ICMP6 ICMP PPTP PPPOE IP6 IP ARP Parsing source file '/home/raras/Desktop/crash' done. BUG at [/home/raras/Desktop/ettercap-master/utils/etterfilter/ef_compiler.c:compile_tree:242] tree_root == NULL ==25860== Invalid read of size 8 ==25860== at 0x4E4D7B9: clean_exit (in /usr/local/lib/libettercap.so.0.0.0) ==25860== by 0x4030B0: compile_tree (in /usr/local/bin/etterfilter) ==25860== by 0x4042D3: write_output (in /usr/local/bin/etterfilter) ==25860== by 0x4024BD: main (in /usr/local/bin/etterfilter) ==25860== Address 0x6bc2440 is 8 bytes after a block of size 24 alloc'd ==25860== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==25860== by 0x4041A2: globals_alloc (in /usr/local/bin/etterfilter) ==25860== by 0x4023AF: main (in /usr/local/bin/etterfilter) ==25860== ==25860== Invalid read of size 8 ==25860== at 0x4E4D7BD: clean_exit (in /usr/local/lib/libettercap.so.0.0.0) ==25860== by 0x4030B0: compile_tree (in /usr/local/bin/etterfilter) ==25860== by 0x4042D3: write_output (in /usr/local/bin/etterfilter) ==25860== by 0x4024BD: main (in /usr/local/bin/etterfilter) ==25860== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==25860== ==25860== ==25860== Process terminating with default action of signal 11 (SIGSEGV) ==25860== Access not within mapped region at address 0x0 ==25860== at 0x4E4D7BD: clean_exit (in /usr/local/lib/libettercap.so.0.0.0) ==25860== by 0x4030B0: compile_tree (in /usr/local/bin/etterfilter) ==25860== by 0x4042D3: write_output (in /usr/local/bin/etterfilter) ==25860== by 0x4024BD: main (in /usr/local/bin/etterfilter) ==25860== If you believe this happened as a result of a stack ==25860== overflow in your program's main thread (unlikely but ==25860== possible), you can try to increase the size of the ==25860== main thread stack using the --main-stacksize= flag. ==25860== The main thread stack size used in this run was 8388608. ==25860== ==25860== HEAP SUMMARY: ==25860== in use at exit: 29,146 bytes in 536 blocks ==25860== total heap usage: 644 allocs, 108 frees, 199,745 bytes allocated ==25860== ==25860== LEAK SUMMARY: ==25860== definitely lost: 8 bytes in 1 blocks ==25860== indirectly lost: 0 bytes in 0 blocks ==25860== possibly lost: 0 bytes in 0 blocks ==25860== still reachable: 29,138 bytes in 535 blocks ==25860== suppressed: 0 bytes in 0 blocks ==25860== Rerun with --leak-check=full to see details of leaked memory ==25860== ==25860== For counts of detected and suppressed errors, rerun with: -v ==25860== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0) Segmentation fault Patch: ====== utils/etterfilter/ef_compiler.c @@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop) struct filter_op *array = NULL; struct unfold_elm *ue; - BUG_IF(tree_root == NULL); + // invalid file + if (tree_root == NULL) + return 0; fprintf(stdout, " Unfolding the meta-tree "); fflush(stdout); References and Fix: =================== https://github.com/Ettercap/ettercap/issues/782 https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506 Vulnerability Disclosure Timeline: ================================== 2017-02-07: Bug Report Submission & Coordination 2017-03-05: Public Disclosure Credit: ======= AromalUllas # 0day.today [2024-12-25] #