Vulnerability Development mailing list archives

Re: Remote exploit for popular Sniffer Ettercap.


From: Giorgio <deneb () unixwave org>
Date: Thu, 13 Dec 2001 04:00:23 +0100

On Wed, Dec 12, 2001, vuln-dev wrote:


> Hello Readers,
>
> GOBBLES Labs full disclosure advisory + exploit for popular sniffer
> Ettercap.  Do not confuse this with GOBBLES-11.txt or GOBBLES-own-ettercap.c;
> this is one of the many remote exploits we wrote for this program.

OK for full disclosure, but it would be better to at least check the current
CVS tree before making useless announcements.

The new ettercap was released today and fixes this and other security holes
that you have not found.
The day after your first announcement, the ettercap developers started to check
all static buffers and most of the format strings, introduced strlcpy in
the CVS tree and replaced most of the sprintf/strcpy calls with the less
error-prone strlcpy/strlcat/snprintf. I checked the project on Sat 8 Dec as a
beta tester, and I noticed that still almost all of the dissectors were checked
against buffer overflows.
However, every vendor/distro should replace the old version with 0.6.3.

Cheers,
deneb.

-----------------
Giorgio Zoppi
http://www.cli.di.unipi.it/~zoppi/
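
The replacement described in the message above (sprintf/strcpy swapped for strlcpy/strlcat/snprintf), shown as an added example that is not part of the original post and is not ettercap's code. `bounded_copy` and `format_creds` are hypothetical names, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* strlcpy-style copy (hypothetical helper name; strlcpy itself is not in
 * every libc). Always NUL-terminates when size > 0 and returns strlen(src),
 * so a return value >= size means the source did not fit. */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len >= size) ? size - 1 : len;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Hypothetical dissector step: format captured strings into a fixed buffer.
 * The unbounded form would be
 *     sprintf(out, "USER: %s  PASS: %s", user, pass);
 * which writes past `out` when the captured strings are long.
 * Returns 0 if the record fit, -1 if it was truncated or on error. */
int format_creds(char *out, size_t outsz, const char *user, const char *pass)
{
    int n = snprintf(out, outsz, "USER: %s  PASS: %s", user, pass);
    return (n >= 0 && (size_t)n < outsz) ? 0 : -1;
}

int main(void)
{
    char user[8], rec[32];
    /* constructed input standing in for over-long packet data */
    const char *long_user = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    size_t want = bounded_copy(user, long_user, sizeof user);
    int rc = format_creds(rec, sizeof rec, long_user, "secret");

    printf("copied \"%s\" (%s)\n", user,
           want >= sizeof user ? "truncated" : "ok");
    printf("format_creds -> %d, rec=\"%s\"\n", rc, rec);
    return 0;
}
```

Both helpers report truncation to the caller instead of hiding it, so a dissector can drop or flag an over-long field rather than silently store a clipped value.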

