Date: Wed, 13 Oct 2010 09:57:36 -0400 From: Dan Rosenberg <dan.j.rosenberg@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request: ettercap GTK The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file before reading it. When parsing this file for settings in gtkui_conf_read() (src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call can result in a stack-based buffer overflow. Local users can place maliciously crafted settings files at this location to exploit other users who run ettercap. On most distributions, stack-smashing protection will mitigate the impact. I'm unclear as to whether there are settings that could be forced upon other users that make ettercap misbehave in a dangerous way. There are two issues here (insecure temporary file usage and stack-based buffer overflow), but they're probably only security-relevant when exploited in conjunction. Not sure if it should get one CVE or two. Reference: https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347 -Dan
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.