The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
References
Link | Resource |
---|---|
http://article.gmane.org/gmane.comp.security.oss.general/3660 | |
https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347 | Patch Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=643453 | Issue Tracking Third Party Advisory |
Configurations
History
08 Jul 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 |
22 Jun 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack. |
09 Jun 2021, 14:13
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
References | (MISC) http://secunia.com/advisories/41820 - Not Applicable | |
References | (MISC) http://www.openwall.com/lists/oss-security/2010/10/14/1 - Mailing List, Third Party Advisory | |
References | (MISC) https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347 - Patch, Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2010/10/14/2 - Mailing List, Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2010/10/13/6 - Mailing List, Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2010/10/13/2 - Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=643453 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:ettercap-project:ettercap:0.7.3:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
28 May 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-28 13:15
Updated : 2024-02-04 21:47
NVD link : CVE-2010-3843
Mitre link : CVE-2010-3843
CVE.ORG link : CVE-2010-3843
JSON object : View
Products Affected
ettercap-project
- ettercap
CWE
CWE-787
Out-of-bounds Write