Vulnerability Development mailing list archives
Re:Potential hole in Ettercap 0.6.2
From: ALoR <Alor () iol it>
Date: Tue, 04 Dec 2001 21:52:16 +0100
At 19.44 04-12-2001, you wrote:
It is not configured as default from their source forge distrobution files. I did find out that that using %s instead of %x caused it do dump the current working directory:Pretty strange no dbout, but since you can't run as a regular user no real security implications...
Right, by default the suid option is disabled. and to suid it you have to recompile it with an explict option.
btw the next version will be fixed. <full disclosure>the problem was a forgotten "printf(buffer)" in the Interface_WExit(char *buffer) function. so to fix it simply replace the line 1252 of ec_interface.c with printf("%s", buffer);
</full disclosure> bye --==> ALoR <==---------------------- - - - ettercap project : http://ettercap.sourceforge.net e-mail: alor (at) users (dot) sourceforge (dot) net
Current thread:
- Potential hole in Ettercap 0.6.2 Blue Boar (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Michal Zalewski (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Blue Boar (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Jonathan Bloomquist (Dec 04)
- Proof of concept for the format bug in Ettercap 0.6.2 BAILLEUX Christophe (Dec 05)
- <Possible follow-ups>
- Re:Potential hole in Ettercap 0.6.2 w1re p4ir (Dec 04)
- Re:Potential hole in Ettercap 0.6.2 ALoR (Dec 04)
- Re:Potential hole in Ettercap 0.6.2 Jose Nazario (Dec 04)
- Message not available
- Re:Potential hole in Ettercap 0.6.2 ALoR (Dec 04)
- Re:Potential hole in Ettercap 0.6.2 ALoR (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Michal Zalewski (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Melsa (Dec 04)