ettercap segmentation fault after "Scan for hosts"

Bug #364917 reported by whoop on 2009-04-22
This bug affects 28 people
Affects Status Importance Assigned to Milestone
ettercap (Debian)
Fix Released
ettercap (Ubuntu)
Nominated for Lucid by Tsip4

Bug Description

Binary package hint: ettercap-gtk

Description: Ubuntu jaunty
Release: 9.04

After selecting Sniff->Unified sniffing, selecting Hosts->San for hosts will crash the application:
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Dissector "dns" not supported (etter.conf line 70)
Ooops ! This shouldn't happen...
Segmentation Fault...

Please recompile in debug mode, reproduce the bug and send a bugreport

As a side note this doesn't happen the first time you do this, but it does happen all the times after that.

ProblemType: Bug
Architecture: amd64
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/sbin/ettercap
NonfreeKernelModules: nvidia
Package: ettercap-gtk 1:0.7.3-1.2ubuntu4
ProcAttrCurrent: unconfined
 PATH=(custom, no user)
SourcePackage: ettercap
Uname: Linux 2.6.28-11-generic x86_64

whoop (whoopwhoop) wrote :
description: updated
whoop (whoopwhoop) on 2009-04-22
description: updated
Kendall (conrad-php) wrote :

Would have expected debug mode to be enabled by a switch, not a recompile.

cz (cz314159265) wrote :

i have had exactly the same issues outlined above by whoop, but only if i attempt to run program from the menu. however, the problem seems more to be an internal permissions issue in jaunty. if i run from a terminal as root with any of the interface options (T, C or G) then program runs fine.

hope that helps narrow things down. could be simpler than suspected. in the mean time, hope this helps others run this much loved pkg.

psy (p-root-lordepsylon-net) wrote :
Download full text (8.5 KiB)

When try GTK mode. (ettercap -G)

*** glibc detected *** ettercap: realloc(): invalid next size: 0x0000000000d319c0 ***
======= Backtrace: =========
======= Memory map: ========
00400000-00475000 r-xp 00000000 08:01 1961979 /usr/sbin/ettercap
00674000-00675000 r--p 00074000 08:01 1961979 /usr/sbin/ettercap
00675000-00678000 rw-p 00075000 08:01 1961979 /usr/sbin/ettercap
00678000-00685000 rw-p 00678000 00:00 0
009e6000-00ee1000 rw-p 009e6000 00:00 0 [heap]
7f7c88000000-7f7c88021000 rw-p 7f7c88000000 00:00 0
7f7c88021000-7f7c8c000000 ---p 7f7c88021000 00:00 0
7f7c8c87e000-7f7c8c894000 r-xp 00000000 08:01 7856188 /lib/
7f7c8c894000-7f7c8ca94000 ---p 00016000 08:01 7856188 /lib/
7f7c8ca94000-7f7c8ca95000 r--p 00016000 08:01 7856188 /lib/
7f7c8ca95000-7f7c8ca96000 rw-p 00017000 08:01 7856188 /lib/
7f7c8ca96000-7f7c8ce76000 rw-s 00000000 00:04 5515658 socket:[5515658]
7f7c8ce76000-7f7c8ce85000 r-xp 00000000 08:01 7856165 /lib/
7f7c8ce85000-7f7c8d085000 ---p 0000f000 08:01 7856165 /lib/
7f7c8d085000-7f7c8d086000 r--p 0000f000 08:01 7856165 /lib/
7f7c8d086000-7f7c8d087000 rw-p 00010000 08:01 7856165 /lib/
7f7c8d087000-7f7c8d1da000 r-xp 00000000 08:01 1961363 /usr/lib/
7f7c8d1da000-7f7c8d3d9000 ---p 00153000 08:01 1961363 /usr/lib/
7f7c8d3d9000-7f7c8d3e1000 r--p 00152000 08:01 1961363 /usr/lib/
7f7c8d3e1000-7f7c8d3e3000 rw-p 0015a000 08:01 1961363 /usr/lib/
7f7c8d3e3000-7f7c8d3e4000 rw-p 7f7c8d3e3000 00:00 0
7f7c8d3e4000-7f7c8d41a000 r-xp 00000000 08:01 1960578 /usr/lib/
7f7c8d41a000-7f7c8d619000 ---p 00036000 08:01 1960578 /usr/lib/
7f7c8d619000-7f7c8d61d000 rw-p 00035000 08:01 1960578 /usr/lib/
7f7c8d61d000-7f7c8d656000 r-xp 00000000 08:01 1960839 /usr/lib/
7f7c8d656000-7f7c8d856000 ---p 00039000 08:01 1960839 /usr/lib/
7f7c8d856000-7f7c8d859000 r--p 00039000 08:01 1960839 /usr/lib/
7f7c8d859000-7f7c8d85a000 rw-p 0003c000 08:01 1960839 /usr/lib/
7f7c8d85a000-7f7c8d85c000 rw-p 7f7c8d85a000 00:00 0
7f7c8d85c000-7f7c8d891000 r-xp 00000000 08:01 1961198 /usr/lib/
7f7c8d891000-7f7c8da91000 ---p 00035000 08:01 1961198 ...


The problem is in a wrong casting that doesn't works under 64bit architecture.

I attach a patch to fix it

I also put the fixed version (for jaunty and karmic) in my ppa

Changed in ettercap (Ubuntu):
status: New → Confirmed

I attach the patch in the usual debdiff format ready to be included in ubuntu :)

Changed in ettercap (Ubuntu):
assignee: nobody → Timothy Redaelli (timothy-redaelli)
status: Confirmed → Fix Committed
Changed in ettercap (Debian):
status: Unknown → New
Changed in ettercap (Ubuntu):
status: Fix Committed → New
Chuck Short (zulcss) wrote :

Hi Timothy,

Since jaunty has been frozen one now has to follow the SRU process to get the fix into jaunty. I noticed that this fix has not made it into karmic, if possible can you attach the debdiff for karmic and we can go from there.


Julien Lavergne (gilir) wrote :

According to the debian bug report, the issue was resolved with 1:0.7.3-1.3 version, which was released in Karmic. Please re-open it's the issue is still here.

Changed in ettercap (Ubuntu):
status: New → Fix Released
Changed in ettercap (Debian):
status: New → Fix Released
Turkong (matias-fontanini) wrote :

I've downloaded ettercap and it seems problem persists. I'm getting segmentation fault.
My ettercap version is 1:0.7.3-1.4ubuntu1.

Turkong (matias-fontanini) wrote :

I can use it with Curses interface, but not gtk. When installing ettercap-gtk, ettercap package is removed(ettercap-common not), therefore not even Curses works.

Daniel (internalkernel) wrote :

Im also using the 1:0.7.3-1.4ubuntu1 out of the karmic repos and this problem persists. I get the same backtrace as comment #4 posted.

AMD64 bit, Ubuntu 9.10 Karmic - I'd be happy to provide any more info needed.

ideesnoires (ideesnoires) wrote :

i also get the realloc segfault error on amd64:

*** glibc detected *** ettercap: realloc(): invalid next size:
0x0000000002347f00 ***
======= Backtrace: =========
======= Memory map: ========
00400000-00475000 r-xp 00000000 fc:02 222558
00674000-00675000 r--p 00074000 fc:02 222558
00675000-00678000 rw-p 00075000 fc:02 222558
00678000-00685000 rw-p 00000000 00:00 0
01fc7000-02392000 rw-p 00000000 00:00 0 [heap]
7fbee8000000-7fbee8021000 rw-p 00000000 00:00 0


Changed in ettercap (Ubuntu):
status: Fix Released → Confirmed

the bug is still present in jaunty

(sorry I mean LUCID)

Cuong Dang (cuongdang) wrote :

Yes, It is still present in Lucid on my Dell 64 bits.

Santiago M. Mola (smola) wrote :

I'm *not* experiencing this bug anymore in Karmic nor Lucid (both x86-64). If I can provide any useful information about my systems just ask.

I have this problem with ettercap-gtk 1:0.7.3-1.4ubuntu1 (LUCID)

Changed in ettercap (Ubuntu):
status: Confirmed → Fix Released
John Dong (jdong) wrote :

As far as I see the patch has not been included in Lucid -- setting bug status back to Triaged.

Changed in ettercap (Ubuntu):
status: Fix Released → Triaged

Where did you see the patch isn't in Lucid?

John Dong (jdong) wrote :

Sorry, lack of sleep and impatience -- I didn't see the patch in the patchsys. However, the Scan for hosts feature in the GUI still randomly segfaults.

I have the same problem in my 64bit ubuntu lucid, if you could reproduce this bug please fill a new one!

This bug should rest "fix released" cause the patch is in the ubuntu package.

Changed in ettercap (Ubuntu):
status: Triaged → Fix Released

Agreed. Let's move off to a new bug.

On Apr 24, 2010, at 4:55 PM, LocutusOfBorg wrote:

> I have the same problem in my 64bit ubuntu lucid, if you could reproduce
> this bug please fill a new one!
> This bug should rest "fix released" cause the patch is in the ubuntu
> package.
> ** Changed in: ettercap (Ubuntu)
> Status: Triaged => Fix Released
> --
> ettercap segmentation fault after "Scan for hosts"
> You received this bug notification because you are a direct subscriber
> of the bug.

Frank (f-sardis) wrote :

Bug present in 10.04 Lucid Lynx 32 bit. I got ettercap from the Software Centre.

Frank is this bug present _every_ time you scan for hosts?

ruben0909 (ruben0909) wrote :

yes, always for me in 10.04 32bit

@Frank @ruben0909 since your bug seems to be unrelated with this one, please open a new one and link here the new bug (seems to be unrelated because the patch that fixed this amd64 bug is in the ettercap deb file)

Can you try my experimental version built without pthread in my ppa?

Changed in ettercap (Ubuntu):
status: Fix Released → Fix Committed
status: Fix Committed → Fix Released
Ivan Kuc (ivan-kuc) on 2010-06-30
Changed in ettercap (Ubuntu):
status: Fix Released → Fix Committed
Ivan Kuc (ivan-kuc) on 2010-06-30
Changed in ettercap (Ubuntu):
status: Fix Committed → Fix Released
Batu (batub) wrote :

Thanks Timothy, you version worked and fixed all the issues I had with ettercap before on Ubuntu 10.4. :D I am a happy man right now.

mikeloco14 (mikeloco14) wrote :

I'm using maverick and still happens.

Changed in ettercap (Ubuntu):
assignee: Timothy Redaelli (timothy-redaelli) → otacon.liberta (prince-is-back)

I will send the debdiff for maverick later

Changed in ettercap (Ubuntu):
assignee: otacon.liberta (prince-is-back) → Timothy Redaelli (timothy-redaelli)

I attach the patch in the usual debdiff format ready to be included in ubuntu :)

fran (fjrl87) on 2010-12-01
Changed in ettercap (Ubuntu):
assignee: Timothy Redaelli (timothy-redaelli) → fran (fjrl87)
assignee: fran (fjrl87) → nobody
Turtle-sapo (turtle-sapo) wrote :

well... i'm a young programmer new to Linux...
but wasnt this suposed to be included into the software center?
i downloaded in the software center ... and it crashes after scanning for hosts.
amd 64.

Try this package,

the fix isn't included in the official repository yet

Turtle-sapo (turtle-sapo) wrote :

yep it scans with that package.

torres (weikeat-ho) wrote :

How do I download the package? Which want should I downoad? (sorry, I am very new to ubuntu)

torres (weikeat-ho) wrote :


Package files

    * ettercap-common_0.7.3-1.4ubuntu1drizzt1_amd64.deb (312.9 KiB)
    * ettercap-common_0.7.3-1.4ubuntu1drizzt1_i386.deb (296.4 KiB)
    * ettercap-gtk_0.7.3-1.4ubuntu1drizzt1_amd64.deb (246.1 KiB)
    * ettercap-gtk_0.7.3-1.4ubuntu1drizzt1_i386.deb (226.9 KiB)
    * ettercap_0.7.3-1.4ubuntu1drizzt1.diff.gz (7.5 KiB)
    * ettercap_0.7.3-1.4ubuntu1drizzt1.dsc (1.2 KiB)
    * ettercap_0.7.3-1.4ubuntu1drizzt1_amd64.deb (205.3 KiB)
    * ettercap_0.7.3-1.4ubuntu1drizzt1_i386.deb (188.9 KiB)
    * ettercap_0.7.3.orig.tar.gz (1.1 MiB)

I am using ubuntu 10.10 32bit.

Some of them I can open it in Ubuntu software centre but it's stated that it has been installed.

Thank you in advanced.

ok try this in your bash:

sudo mkdir ettercap
cd ettercap
sudo dpkg -i *.deb
cd ..
sudo rm ettercap -Rf

for creating the directory ettercap
go into the directory
wget stands for downloading a file from internet
(you have to download the three files in order to make it work)
dpkg -i is useful to manually install a package and *.deb stands for install every deb files in this directory)
rm stands for remove directory ettercap

the other way is to add the ppa repository in synaptic (in the options menu) and update the package by clicking the reload button and the apply one.

this should be easy but I'm not sure about the correctness of it since I prevere the command line way... :)


Grant Curell (grantcurell) wrote :

Starting it from the command line in the format sudo ettercap -G -i [interface] worked for me.

@Timothy your patch is included in the ubuntu repo?

This bug is fixed in the current Natty development branch

Please anybody could test the natty release of ettercap and tell if the bug is really fixed?


tags: added: verification-needed

(I confirm the patch fixes the bug)

I can't find any new patch of ettercap under natty =>

The problem is STILL present!
It does not show up for other reasons (maybe gtk version?), but it can show up in later versions since the bug is STILL present.

See lp #588007 for a proper fix

If you read the changelog carefully you will find the patch applied, the first version of this patch was not so good, so the debian team had modified into a new one
ettercap (1:0.7.3-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * 01_pointers_and_ints_dont_mix.diff: Cast to u_char* rather than
    simply removing the cast. Updated patch by Robert Edmonds.
    (Closes: #521857)

your patch seems to insert a new bug, please see and

Marcelo Fernandez (fernandezm) wrote :

Is this bug really fixed? I'm using Ubuntu 11.10 in x86_64 fully updated and still getting the same crash...


could you try 0.7.4 from precise repository?

Can Saner (cansaner) wrote :

I am using ettercap-gtk 1:0.7.3-2.1 and it still crashes...

please open a new bug with ubuntu-bug ettercap

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.