CVE-2010-3843

The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by the root user, which allows local users to conduct stack-based buffer overflow attacks and possibly execute arbitrary code, cause a denial of service (memory consumption), or possibly have unspecified other impact via crafted lines in this file.

Summary:

The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by the root user, which allows local users to conduct stack-based buffer overflow attacks and possibly execute arbitrary code, cause a denial of service (memory consumption), or possibly have unspecified other impact via crafted lines in this file.

Reference Links(if available):

  • https://bugzilla.redhat.com/show_bug.cgi?id=643453
  • https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
  • http://secunia.com/advisories/41820
  • http://www.openwall.com/lists/oss-security/2010/10/13/2
  • http://www.openwall.com/lists/oss-security/2010/10/14/1
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)