CVE-2010-3843

June 9, 2021

The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by the root user, which allows local users to conduct stack-based buffer overflow attacks and possibly execute arbitrary code, cause a denial of service (memory consumption), or possibly have unspecified other impact via crafted lines in this file.

Summary:

The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by the root user, which allows local users to conduct stack-based buffer overflow attacks and possibly execute arbitrary code, cause a denial of service (memory consumption), or possibly have unspecified other impact via crafted lines in this file.

Reference Links(if available):

  • https://bugzilla.redhat.com/show_bug.cgi?id=643453
  • https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
  • http://secunia.com/advisories/41820
  • http://www.openwall.com/lists/oss-security/2010/10/13/2
  • http://www.openwall.com/lists/oss-security/2010/10/14/1

    • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    alerts

    Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

    April 25, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

    April 25, 2024
    hkcert

    Cisco Products Multiple Vulnerabilities

    April 25, 2024
    HIBP Banner 1

    T2 – 94,584 breached accounts

    April 25, 2024
    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 25, 2024