CVE-2010-3843
N/A
N/A
Summary
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | ettercap | ettercap 0.7.5 | affected |
Weaknesses
- CWE-787: CWE-787
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=643453
- https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
- http://article.gmane.org/gmane.comp.security.oss.general/3660
References
- https://bugzilla.redhat.com/show_bug.cgi?id=643453
- https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
- http://article.gmane.org/gmane.comp.security.oss.general/3660
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.