CVE-2010-3843: Buffer Overflow
First published: Fri Oct 15 2010(Updated: )
Dan Rosenberg reported [1] the following vulnerability in Ettercap-GTK: The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack. Stack-smashing protection catches it, but it still should be fixed. Verify with: $ perl -e 'print "A"x500' > /tmp/.ettercap_gtk && ettercap -G Firstly, the settings file should not be globally accessible without checking ownership, which still gets hairy because an attacker could create a symlink or hard link to a victim-controlled file (unless you're using YAMA :p). The best thing would probably be to keep this file in the user's home directory instead. Secondly, parsing configuration files should be robust against malformed input and not susceptible to trivial buffer overflows. This issue has been assigned the name <a href="https://access.redhat.com/security/cve/CVE-2010-3843">CVE-2010-3843</a> [2]. [1] <a href="https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347">https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347</a> [2] <a href="http://article.gmane.org/gmane.comp.security.oss.general/3660">http://article.gmane.org/gmane.comp.security.oss.general/3660</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ettercap | <0.7.5 | 0.7.5 |
| Ettercap | =0.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=643453
- https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
- http://article.gmane.org/gmane.comp.security.oss.general/3660
- https://access.redhat.com/security/cve/CVE-2010-3843
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=643454
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=709422
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=709423
- https://access.redhat.com/security/cve/CVE-2010-3844
Frequently Asked Questions
What is the severity of CVE-2010-3843?
CVE-2010-3843 is considered a medium severity vulnerability due to its potential to allow unauthorized access to sensitive configurations.
How do I fix CVE-2010-3843?
To fix CVE-2010-3843, ensure that Ettercap is updated to version 0.7.6 or later, where the ownership verification issue has been addressed.
What systems are affected by CVE-2010-3843?
CVE-2010-3843 affects Ettercap versions 0.7.3 up to but not including 0.7.5 on Red Hat and similar distributions.
What impact does CVE-2010-3843 have?
The impact of CVE-2010-3843 could lead to unauthorized users altering globally accessible configuration files in Ettercap.
Can CVE-2010-3843 be exploited remotely?
Yes, CVE-2010-3843 can be exploited remotely if an attacker has access to the file system where the vulnerable version of Ettercap is running.
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-3843
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- package-manager/redhat
- vendor/ettercap-project
- canonical/ettercap
- version/ettercap/0.7.3