Re:Potential hole in Ettercap 0.6.2

[ALoR <Alor () iol it>]

At 16.44 04-12-2001, you wrote:

> among other problems. analysis of the gobbles exploit [1] shows its abuse
> of the update process that gets done. in src/ec_main.c:
> {cut}
> so i set my path to be .:$PATH and make my own wget, and what gets
> executed is ./wget. an example one i got to work is:
>
>         #!/bin/sh
>         id
>
> it honors the permissions of the caller ... this is just executing
> ettercap -v, the update path ...

I supposed that ettercap was already runned by root...
btw I can drop the super user priviledges during the system().

        setuid(getuid());
        setgid(getgid());
        system(wget);

is it ok ?


> yeah. there are some format string problems. and there are probably a
> bunch of other problems. the one gobbles was seeing was likely caused by
> the error function 'void Error_msg(char *message, ...)' which doesn't do
> any formatting.

Error_msg() is ok, it was in the Interface_WExit() the problem.

> you have many issues to fix in the code, it appears. i would disblae the

yes, we know that, but ettercap was coded to prove some ARP insecurity, not 
to make a commercial software... ;)

> suid option. yeah, its moronic to install it suid root. however even
> marginaly respecting it (and dropping your priv checks) is a bad idea
> until you can more agressively audit the code, a time consuming process,
> yes. it's a nice tool, i hope you can fix the problems in it.

I hope too... with the help of everyone who finds a bug in it.
Not as goobbles said, without telling us the bugs because we have to find 
it ourself.
This is a leet way of thinking an not a good way to improve the community.

bye

   --==> ALoR <==---------------------- -  -   -

 ettercap project : http://ettercap.sourceforge.net
 e-mail: alor (at) users (dot) sourceforge (dot) net