Buffer Overflow Vulnerability in Ettercap GTK by the Vendor Ettercap
CVE-2010-3843

7.8HIGH

Key Information:

Vendor

Ettercap-project

Status
Ettercap
Vendor
CVE Published:
28 May 2021

What is CVE-2010-3843?

The GTK version of Ettercap is vulnerable due to its handling of a global settings file located at /tmp/.ettercap_gtk. The application fails to verify the ownership of this file before parsing it. As a result, an unchecked sscanf() call can lead to a stack buffer overflow when a malicious user crafts a settings file, potentially allowing the execution of arbitrary code. This vulnerability poses a serious risk to the integrity and confidentiality of user systems utilizing the affected versions of Ettercap GTK.

Affected Version(s)

ettercap ettercap 0.7.5

References

https://bugzilla.redhat.com/show_bug.cgi?id=643453
x_refsource_MISC
https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/6...
x_refsource_MISC
http://article.gmane.org/gmane.comp.security.oss.general/...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.