Описание
The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by the root user, which allows local users to conduct stack-based buffer overflow attacks and possibly execute arbitrary code, cause a denial of service (memory consumption), or possibly have unspecified other impact via crafted lines in this file.
The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by the root user, which allows local users to conduct stack-based buffer overflow attacks and possibly execute arbitrary code, cause a denial of service (memory consumption), or possibly have unspecified other impact via crafted lines in this file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-3843
- https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
- https://bugzilla.redhat.com/show_bug.cgi?id=643453
- http://article.gmane.org/gmane.comp.security.oss.general/3660
- http://secunia.com/advisories/41820
- http://www.openwall.com/lists/oss-security/2010/10/13/2
- http://www.openwall.com/lists/oss-security/2010/10/13/6
- http://www.openwall.com/lists/oss-security/2010/10/14/1
- http://www.openwall.com/lists/oss-security/2010/10/14/2
Связанные уязвимости
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
The GTK version of ettercap uses a global settings file at /tmp/.etter ...
Уязвимость функции gtkui_conf_read() компонента src/interfacesgtk/ec_gtk_conf.c инструмента защиты от MITM атак в LAN Ettercap, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании