CVE-2005-1796
CVSS 7.5
Published: 2005-05-31 00:00:00
Last revised: 2011-03-07 21:22:53

[Original] Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.


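[CNNVD] Ettercap remote format string vulnerability (CNNVD-200505-1234)

        The curses_msg function in the Ncurses interface (ec_curses.c) of Ettercap versions before 0.7.3 contains a format string vulnerability that allows remote attackers to execute arbitrary code.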

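- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [likely to result in information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]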

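- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found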

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1796
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1796
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1234
(official data source) CNNVD

- Other links and resources

http://secunia.com/advisories/15535
(VENDOR_ADVISORY)  SECUNIA  15535
http://ettercap.sourceforge.net/history.php
(VENDOR_ADVISORY)  CONFIRM  http://ettercap.sourceforge.net/history.php
http://www.vupen.com/english/advisories/2005/0670
(UNKNOWN)  VUPEN  ADV-2005-0670
http://www.securityfocus.com/bid/13820
(UNKNOWN)  BID  13820
http://securitytracker.com/id?1014084
(UNKNOWN)  SECTRACK  1014084
http://www.gentoo.org/security/en/glsa/glsa-200506-07.xml
(UNKNOWN)  GENTOO  GLSA-200506-07
http://www.debian.org/security/2005/dsa-749
(UNKNOWN)  DEBIAN  DSA-749
http://secunia.com/advisories/16000
(UNKNOWN)  SECUNIA  16000
http://secunia.com/advisories/15664
(UNKNOWN)  SECUNIA  15664

- Vulnerability information

Ettercap remote format string vulnerability
High risk  Format string
2005-05-31 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download links:
        Ettercap Ettercap 0.6 .b
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap 0.6 .a
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap 0.6.3 .1
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap 0.6.4
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap 0.6.5
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap 0.6.6 .6
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap 0.6.7
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap 0.6.9
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap-NG 0.7 .0
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap-NG 0.7.1
        Debian ettercap-common_0.7.1-1sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_amd64.deb
        Debian ettercap-gtk_0.7.1-1sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_amd64.deb
        Debian ettercap_0.7.1-1sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_amd64.deb
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        Ettercap Ettercap-NG 0.7.2
        Ettercap ettercap-NG-0.7.3.tar.gz
        http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download
        

- Vulnerability information (F38594)

Debian Linux Security Advisory 749-1 (PacketStormID:F38594)
2005-07-12 00:00:00
Debian  security.debian.org
advisory,remote,arbitrary
linux,debian
CVE-2005-1796

Debian Security Advisory DSA 749-1 - A vulnerability was discovered in the ettercap package which could allow a remote attacker to execute arbitrary code on the system running ettercap.


------------------------------------------------------------------------
Debian Security Advisory DSA 749-1                   security@debian.org
http://www.debian.org/security/                            Michael Stone
July 10, 2005                         http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : ettercap
Vulnerability  : arbitrary code execution
Problem type   : format string error
Debian-specific: no
CVE Id(s)      : CAN-2005-1796

A vulnerability was discovered in the ettercap package which could allow
a remote attacker to execute arbitrary code on the system running
ettercap.

The old stable distribution (woody) did not include ettercap.

For the stable distribution (sarge), this problem has been fixed in
version 0.7.1-1sarge1.

For the unstable distribution (sid), this problem has been fixed in
version 0.7.3-1.

We recommend that you upgrade your ettercap package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (sarge)
------------------

  sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

-------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- Vulnerability information (F38139)

Gentoo Linux Security Advisory 200506-7 (PacketStormID:F38139)
2005-06-20 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-1796

Gentoo Linux Security Advisory GLSA 200506-07 - The curses_msg function of Ettercap's Ncurses-based user interface insecurely implements formatted printing. Versions less than 0.7.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200506-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Ettercap: Format string vulnerability
      Date: June 11, 2005
      Bugs: #94474
        ID: 200506-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A format string vulnerability in Ettercap could allow a remote attacker
to execute arbitrary code.

Background
==========

Ettercap is a suite of tools for content filtering, sniffing and man in
the middle attacks on a LAN.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/ettercap       < 0.7.3                      >= 0.7.3

Description
===========

The curses_msg function of Ettercap's Ncurses-based user interface
insecurely implements formatted printing.

Impact
======

A remote attacker could craft a malicious network flow that would
result in executing arbitrary code with the rights of the user running
the Ettercap tool, which is often root.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ettercap users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.7.3"

References
==========

  [ 1 ] CAN-2005-1796
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1796

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability information

16960
ettercap curses_msg() Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-05-29 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.7.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability credit

Unknown or Incomplete

- Vulnerability information

Ettercap Remote Format String Vulnerability
Input Validation Error 13820
Yes No
2005-05-31 12:00:00 2009-07-12 02:56:00
The vendor reported this issue.

- Affected program versions

Ettercap Ettercap-NG 0.7.2
Ettercap Ettercap-NG 0.7.1
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Ettercap Ettercap-NG 0.7 .0
Ettercap Ettercap 0.6.9
Ettercap Ettercap 0.6.7
Ettercap Ettercap 0.6.6 .6
Ettercap Ettercap 0.6.5
Ettercap Ettercap 0.6.4
Ettercap Ettercap 0.6.3 .1
Ettercap Ettercap 0.6 .b
Ettercap Ettercap 0.6 .a
Ettercap Ettercap-NG 0.7.3

- Unaffected program versions

Ettercap Ettercap-NG 0.7.3

- Vulnerability discussion

Ettercap is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to utilizing it as a format specifier in a formatted printing function.

To exploit this vulnerability, an attacker would craft network data that will result in one of the protocol dissectors logging usernames and passwords. Other means of attack may also be possible.

This vulnerability allows remote attackers to modify arbitrary memory locations, resulting in the control of program execution, leading to the ability to execute arbitrary machine code in the context of the affected application.

This vulnerability is only exploitable when the curses user interface is being utilized by a user.
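
The flaw class described above, as an added example that is not Ettercap's code: a printf-style display routine receives a logged string as its format argument, shown next to the corrected call that passes the string as data. `fake_win`, `win_printf`, `msg_unsafe`, `msg_safe` and the sample string are constructed for illustration; `win_printf` stands in for an ncurses call such as `wprintw`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for an ncurses window so the example runs without a terminal. */
struct fake_win { char text[128]; };

/* printf-style sink with the same calling shape as ncurses wprintw(). */
static int win_printf(struct fake_win *w, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(w->text, sizeof w->text, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the message itself is handed over as the format. */
static void msg_unsafe(struct fake_win *w, const char *msg)
{
    win_printf(w, msg);
}

/* Corrected pattern: constant format, message passed as data. */
static void msg_safe(struct fake_win *w, const char *msg)
{
    win_printf(w, "%s", msg);
}

/* Returns 1 when the window shows exactly the bytes that were logged. */
static int shown_verbatim(void (*show)(struct fake_win *, const char *),
                          const char *msg)
{
    struct fake_win w = { "" };

    show(&w, msg);
    return strcmp(w.text, msg) == 0;
}

/* Constructed sample: a captured "username" containing the harmless
 * directive %% (it consumes no arguments, so both calls are well defined). */
static const char SAMPLE[] = "USER: admin%%ops  PASS: secret";

int main(void)
{
    printf("unsafe verbatim: %d\n", shown_verbatim(msg_unsafe, SAMPLE));
    printf("safe verbatim:   %d\n", shown_verbatim(msg_safe, SAMPLE));
    return 0;
}
```

The unsafe routine interprets the captured text, so what is displayed no longer matches what was on the wire; the safe routine displays it byte for byte. Building with `-Wformat -Wformat-security` flags this pattern when the sink is a real printf-family function.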

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Gentoo users can upgrade by issuing the following commands:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.7.3"

The vendor has released version 0.7.3 of Ettercap to address this issue.

Debian Linux has released security advisory DSA 749-1 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced advisory for further information.



- Related references

 

 
