oss-sec mailing list archives
CVE request: ettercap GTK
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Wed, 13 Oct 2010 09:57:36 -0400
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file before reading it. When parsing this file for settings in gtkui_conf_read() (src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call can result in a stack-based buffer overflow. Local users can place maliciously crafted settings files at this location to exploit other users who run ettercap. On most distributions, stack-smashing protection will mitigate the impact. I'm unclear as to whether there are settings that could be forced upon other users that make ettercap misbehave in a dangerous way.

There are two issues here (insecure temporary file usage and stack-based buffer overflow), but they're probably only security-relevant when exploited in conjunction. Not sure if it should get one CVE or two.

Reference: https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347

-Dan
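
The two checks the report describes as missing, written out as an added example (not ettercap's code and not part of the original post): an ownership check on the opened descriptor before reading, and a width-bounded sscanf(). The function names, the `name = value` line format and the 30-byte name field are assumptions made for illustration.

```c
/* Added example with hypothetical names; not taken from ettercap. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, fdopen */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define CONF_NAME_LEN 29   /* assumed field size; must match %29s below */

/* Open a settings file only if it is a regular file owned by the caller
 * and not writable by group or others. Returns a FILE* or NULL. */
FILE *open_trusted_conf(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);  /* final component must not be a symlink */
    if (fd < 0)
        return NULL;
    /* fstat() the descriptor, not the path, so the ownership check and
     * the later read refer to the same inode. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return NULL;
    }
    FILE *f = fdopen(fd, "r");
    if (!f) close(fd);
    return f;
}

/* Parse one "name = value" line. The %29s width bounds the write into
 * name[]; an oversized token fails the match instead of overflowing.
 * Returns 1 on success, 0 on a malformed or oversized line. */
int parse_setting(const char *line, char name[CONF_NAME_LEN + 1], int *value)
{
    int consumed = 0;
    if (sscanf(line, " %29s = %d %n", name, value, &consumed) != 2)
        return 0;
    return line[consumed] == '\0';   /* reject trailing garbage */
}
```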