[ettercap] CVE-2010-3843.
Jon Ciesla
limb at fedoraproject.org
Thu Jan 26 19:54:30 UTC 2012
commit 6b2e32596db04f0d3c16ad21599e2eba8b63531c
Author: Jon Ciesla <limburgher at gmail.com>
Date: Thu Jan 26 13:54:00 2012 -0600
CVE-2010-3843.
ettercap-0.7.4-CVE-2010-3843.patch | 37 ++++++++++++++++++++++++++++++++++++
ettercap.spec | 7 +++++-
2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/ettercap-0.7.4-CVE-2010-3843.patch b/ettercap-0.7.4-CVE-2010-3843.patch
new file mode 100644
index 0000000..d2a5926
--- /dev/null
+++ b/ettercap-0.7.4-CVE-2010-3843.patch
@@ -0,0 +1,37 @@
+--- src/interfaces/gtk/ec_gtk_conf.c~ 2011-12-04 17:24:30.000000000 -0600
++++ src/interfaces/gtk/ec_gtk_conf.c 2012-01-26 13:43:04.201897836 -0600
+@@ -69,15 +69,9 @@
+ char line[100], name[30];
+ short value;
+
+-#ifdef OS_WINDOWS
+- path = ec_win_get_user_dir();
+-#else
+- /* TODO: get the dopped privs home dir instead of "/root" */
+- /* path = g_get_home_dir(); */
+- path = g_get_tmp_dir();
+-#endif
++ path = g_get_user_config_dir();
+
+- filename = g_build_filename(path, ".ettercap_gtk", NULL);
++ filename = g_build_filename(path, "ettercap_gtk", NULL);
+
+ DEBUG_MSG("gtkui_conf_read: %s", filename);
+
+@@ -86,8 +80,14 @@
+ return;
+
+ while(fgets(line, 100, fd)) {
+- sscanf(line, "%s = %hd", name, &value);
+-
++ char *p = strchr(line, '=');
++ if(!p)
++ continue;
++ *p = '\0';
++ snprintf(name, sizeof(name), "%s", line);
++ strlcpy(name, line, sizeof(name) - 1);
++ g_strstrip(name);
++ value = atoi(p + 1);
+ gtkui_conf_set(name, value);
+ }
+ fclose(fd);
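Review bot: In the second hunk of the embedded patch, `name` is filled twice: `snprintf(name, sizeof(name), "%s", line);` already gives a bounded, NUL-terminated copy, so the following `strlcpy(name, line, sizeof(name) - 1);` is redundant and truncates one character earlier than needed. It also relies on a `strlcpy` being available at build time, which glibc did not provide at the time, so presumably the project supplies its own; I would drop that line. Separately, `value = atoi(p + 1);` narrows an `int` into a `short` with no error or range check, so a malformed or oversized number in the settings file is accepted and silently truncated. Using `long v = strtol(p + 1, &end, 10);` followed by `if (end == p + 1 || v < SHRT_MIN || v > SHRT_MAX) continue;` would skip such lines instead. The function's body starts and ends outside these hunks, so the handling of `fd` before the loop and any later use of `filename` cannot be checked from here.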
diff --git a/ettercap.spec b/ettercap.spec
index 1b92f45..49f7a9b 100644
--- a/ettercap.spec
+++ b/ettercap.spec
@@ -1,6 +1,6 @@
Name: ettercap
Version: 0.7.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Network traffic sniffer/analyser, NCURSES interface version
Group: Applications/Internet
License: GPLv2+
@@ -20,6 +20,7 @@ Patch5: ettercap-NG-0.7.3-selinux-fcntl.patch
#Patch7: ettercap-NG-0.7.3-passive-dns.patch
# Remove the silly modification restriction
Patch8: ettercap-NG-0.7.3-license-fix.patch
+Patch9: ettercap-0.7.4-CVE-2010-3843.patch
BuildRoot: %{_tmppath}/%{name}-NG-%{version}-%{release}-root%(%{__id_u} -n)
@@ -115,6 +116,7 @@ This package contains the GTK version.
#%patch6 -p0
#%patch7 -p0
%patch8 -p1 -b .license
+%patch9 -p0
%build
autoconf
@@ -215,6 +217,9 @@ rm -rf %{buildroot}
%{_datadir}/icons/hicolor/32x32/apps/ettercap.png
%changelog
+* Thu Jan 26 2012 Jon Ciesla <limburgher at gmail.com> - 0.7.4-2
+- Patch for CVE-2010-3843.
+
* Thu Jan 26 2012 Jon Ciesla <limburgher at gmail.com> - 0.7.4-1
- New upstream. Now BRs bison, flex.