Re: Potential hole in Ettercap 0.6.2

[Melsa <3Melsa3 () mail ru>]

i have suse 7.3 pro , 
i have test 

ettercap 0.6.2 (c) 2001 ALoR & NaGA

linux:~ # ettercap %x%x%x%x%x%x%x

Invalid host address %x%x%x%x%x%x%x !!




Am 04.12.2001 19:33:16, schrieb Blue Boar <BlueBoar () thievco com>:

> Goobles sent another post to vuln-dev today, which was rejected due
> to personal attacks in their note.  I want to check out their claim, 
> however.  If you want to see their original posting, it's on their
> web site like the others, I'm sure.  It includes a claimed exploit,
> which cannot be posted due to their wishes that it not be separated
> from the advisory.  If someone wants to write an independent exploit,
> I'd be happy to post that, provided it follows the list rules,
> of course.
>
> Here's the basic problem:
>
> ettercap %x%x%x%x%x%x%x
> ettercap 0.6.2 brought from the dark side of the net by ALoR and NaGA...
>
> may the packets be with you...
>
>
> Invalid host address 807a0ef807a0e900bffffb71bffff850805ad52 !!
>
> Gobbles' point is that there is an option to configure it suid,
> so this could be exploitable when that is used.  Why someone
> would want a packet capture program to be used by non-priv users..
> Well, I'm sure there's a good reason somewhere in the world.
>
> Is anyone using it that way?  Are there OS distributions that come
> with Ettercap installed by default?  And, of course, is it suid?
> (I can't imagine it would be.)  The workaround is obvious, don't
> run it suid or allow remote users who do not already have a shell
> to execute it with a command-line parameter (such as via a web 
> interface.)  
>
>                                       BB