oss-sec mailing list archives

Re: CVE request: ettercap GTK


From: Josh Bressers <bressers () redhat com>
Date: Wed, 13 Oct 2010 15:06:30 -0400 (EDT)


----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:

The GTK version of ettercap uses a global settings file at
/tmp/.ettercap_gtk and does not verify ownership of this file before
reading it. When parsing this file for settings in gtkui_conf_read()
(src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call can
result in a stack-based buffer overflow.  Local users can place
maliciously crafted settings files at this location to exploit other
users who run ettercap.  On most distributions, stack-smashing
protection will mitigate the impact.  I'm unclear as to whether there
are settings that could be forced upon other users that make ettercap
misbehave in a dangerous way.

There are two issues here (insecure temporary file usage and
stack-based buffer overflow), but they're probably only
security-relevant when exploited in conjunction.  Not sure if it
should get one CVE or two.

Reference:
https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
We'll use two:

CVE-2010-3843 ettercap GTK insecure temporary file use
CVE-2010-3844 ettercap GTK format string flaw

Thanks.

-- 
    JB
