Updated ettercap package fixes security vulnerabilities:
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password (CVE-2014-6395).
The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location (CVE-2014-6396).
Integer underflow in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, length value to the dissector_gg function in dissectors/ec_gg.c, or string length to the get_decode_len function in ec_utils.c or a request without a username or password to the dissector_TN3270 function in dissectors/ec_TN3270.c (CVE-2014-9376).
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet (CVE-2014-9377).
Ettercap 8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted name to the parse_line function in mdns_spoof/mdns_spoof.c or base64 encoded password to the dissector_imap function in dissectors/ec_imap.c (CVE-2014-9378).
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow (CVE-2014-9379).
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature (CVE-2014-9380).
Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation (CVE-2014-9381).
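The length-handling class behind CVE-2014-6395, CVE-2014-6396 and the small-length underflows in CVE-2014-9376 comes down to trusting a length field taken from the wire. The following added example is not Ettercap's code: it is a defensive parser for a PostgreSQL PasswordMessage ('p', 4-byte big-endian length that counts itself, NUL-terminated password) that checks the declared length against the captured bytes, the real string length and the destination buffer before copying. The function name, status codes and packet bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PG_HDR 5 /* type byte + 4-byte length field */
enum { PG_OK = 0, PG_NOT_PASSWORD = -1, PG_TRUNCATED = -2,
       PG_BAD_LENGTH = -3, PG_TOO_LONG = -4 };

/* Constructed sample packets (not captured traffic). */
static const uint8_t PKT_GOOD[]      = {'p',0,0,0,11,'s','e','c','r','e','t',0};
static const uint8_t PKT_OVERCLAIM[] = {'p',0,0,1,0,'a','b',0};   /* claims 256 */
static const uint8_t PKT_UNDERFLOW[] = {'p',0,0,0,0,'a',0};       /* claims 0   */
static const uint8_t PKT_MISMATCH[]  = {'p',0,0,0,11,'a',0,'x','x','x','x',0};

/* Copies the password (with its NUL) into out only if all lengths agree. */
int parse_pg_password(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_sz)
{
    if (pkt_len < PG_HDR) return PG_TRUNCATED;
    if (pkt[0] != 'p') return PG_NOT_PASSWORD;

    uint32_t declared = ((uint32_t)pkt[1] << 24) | ((uint32_t)pkt[2] << 16) |
                        ((uint32_t)pkt[3] << 8) | (uint32_t)pkt[4];
    /* Must cover its own 4 bytes plus the NUL; anything smaller would wrap
       around when "declared - 4 - 1" is used as a terminator index. */
    if (declared < 4 + 1) return PG_BAD_LENGTH;
    size_t body = declared - 4;                       /* password + NUL */
    if (body > pkt_len - PG_HDR) return PG_TRUNCATED; /* claims more than captured */

    /* The first NUL must be the last declared byte, otherwise the declared
       length and the actual password length disagree. */
    const uint8_t *start = pkt + PG_HDR;
    const uint8_t *nul = memchr(start, '\0', body);
    if (nul == NULL || (size_t)(nul - start) != body - 1) return PG_BAD_LENGTH;

    if (body > out_sz) return PG_TOO_LONG;            /* destination bound */
    memcpy(out, start, body);
    return PG_OK;
}

int main(void)
{
    char out[16];
    printf("good=%d ", parse_pg_password(PKT_GOOD, sizeof PKT_GOOD, out, sizeof out));
    printf("overclaim=%d ", parse_pg_password(PKT_OVERCLAIM, sizeof PKT_OVERCLAIM, out, sizeof out));
    printf("underflow=%d ", parse_pg_password(PKT_UNDERFLOW, sizeof PKT_UNDERFLOW, out, sizeof out));
    printf("mismatch=%d\n", parse_pg_password(PKT_MISMATCH, sizeof PKT_MISMATCH, out, sizeof out));
    return 0;
}
```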