CVE-2010-3843

Published: May 28, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.

Affected (1)

Products: Ettercap Project: Ettercap

Ettercap Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ettercap Project Ettercap	Version 0.7.3

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

http://article.gmane.org/gmane.comp.security.oss.general/3660

Source: secalert@redhat.com

https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347

Source: secalert@redhat.com

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=643453

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://article.gmane.org/gmane.comp.security.oss.general/3660

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=643453

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.