Message-ID: <1798676991.445821286996790804.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Wed, 13 Oct 2010 15:06:30 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: ettercap GTK

----- "Dan Rosenberg" <dan.j.rosenberg@...il.com> wrote:

> The GTK version of ettercap uses a global settings file at
> /tmp/.ettercap_gtk and does not verify ownership of this file before
> reading it. When parsing this file for settings in gtkui_conf_read()
> (src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call can
> result in a stack-based buffer overflow. Local users can place
> maliciously crafted settings files at this location to exploit other
> users who run ettercap. On most distributions, stack-smashing
> protection will mitigate the impact. I'm unclear as to whether there
> are settings that could be forced upon other users that make ettercap
> misbehave in a dangerous way.
>
> There are two issues here (insecure temporary file usage and
> stack-based buffer overflow), but they're probably only
> security-relevant when exploited in conjunction. Not sure if it
> should get one CVE or two.
>
> Reference:
> https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
>

We'll use two:

CVE-2010-3843 ettercap GTK insecure temporary file use
CVE-2010-3844 ettercap GTK format string flaw

Thanks.

--
JB
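The two defects described in the quoted report, an unchecked sscanf() into a fixed-size stack buffer and a settings file read from a world-writable directory without an ownership check, are shown below in constructed C as an added example. This is not ettercap's code and does not reproduce gtkui_conf_read(); the "key = value" line format, the KEY_MAX limit, the function names and the demo's temporary directory are all assumptions made for illustration. Each defect is shown beside a hardened form: a field width on the %s conversion, and an open that refuses symlinks and then fstat()s the descriptor (not the path, so the check cannot be raced) to require a regular file owned by the caller that nobody else can write.

```c
/* Added, constructed example (not ettercap's code). Shows an unchecked
 * sscanf() into a stack buffer and a settings file opened without an
 * ownership check, each next to a hardened form. Names, the line format
 * and KEY_MAX are assumptions for illustration. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define KEY_MAX 31          /* assumed maximum key length (bytes, excluding NUL) */
#define STR_(x) #x
#define STR(x) STR_(x)

/* VULNERABLE pattern: "%s" carries no field width, so a key longer than
 * KEY_MAX bytes in the attacker-controlled file overruns key[] on the
 * stack. Kept only to show the shape; never call it on untrusted input. */
int parse_setting_unchecked(const char *line, int *value)
{
    char key[KEY_MAX + 1];
    return sscanf(line, "%s = %d", key, value) == 2 ? 0 : -1;
}

/* HARDENED: the field width "%31s" bounds the copy to KEY_MAX bytes plus
 * the NUL, and the caller's buffer size is part of the contract. A key
 * longer than KEY_MAX makes the following " = " fail to match, so the
 * line is rejected rather than truncated silently. */
int parse_setting_safe(const char *line, char key[KEY_MAX + 1], int *value)
{
    if (sscanf(line, "%" STR(KEY_MAX) "s = %d", key, value) != 2)
        return -1;
    return 0;
}

/* HARDENED open for a settings file in a shared directory: O_NOFOLLOW
 * refuses a symlink planted by another user, and fstat() on the open
 * descriptor (not stat() on the path) checks the file actually opened.
 * Require a regular file owned by the caller with no group/other write
 * bit. Returns a descriptor, or -1 with errno set. */
int open_trusted_config(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                 /* ELOOP here means the path was a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Parse every line of an open settings file with the safe parser and
 * take ownership of fd. Returns the number of well-formed lines;
 * malformed or overlong lines are skipped. *last_value gets the value
 * of the last accepted line. */
int load_settings(int fd, int *last_value)
{
    FILE *f = fdopen(fd, "r");
    if (!f)
        return -1;
    char line[256], key[KEY_MAX + 1];
    int n = 0, v;
    while (fgets(line, sizeof line, f))
        if (parse_setting_safe(line, key, &v) == 0) { n++; *last_value = v; }
    fclose(f);
    return n;
}

/* Constructed self-check: writes a settings file into a private 0700
 * directory and exercises each check. Returns 0 on success, or the
 * number of the step that misbehaved. */
int demo(void)
{
    char dir[] = "/tmp/cfg_demo_XXXXXX";   /* assumed writable; mkdtemp gives 0700 */
    if (!mkdtemp(dir)) return 1;
    char path[128], link[128];
    snprintf(path, sizeof path, "%s/settings", dir);
    snprintf(link, sizeof link, "%s/settings_link", dir);

    /* Constructed contents: two good lines and one overlong (48-byte) key. */
    static const char body[] =
        "threshold = 7\n"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa = 9\n"
        "mode = 3\n";
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return 2;
    if (write(fd, body, sizeof body - 1) != (ssize_t)(sizeof body - 1)) return 3;
    close(fd);

    int rc = 0, v = -1;
    /* Step 4: owner-only file is accepted; 2 lines parsed, overlong one dropped. */
    fd = open_trusted_config(path);
    if (fd < 0 || load_settings(fd, &v) != 2 || v != 3) rc = 4;
    /* Step 5: group/world-writable file is refused (someone else may have written it). */
    if (rc == 0 && (chmod(path, 0666) != 0 || open_trusted_config(path) != -1)) rc = 5;
    /* Step 6: a symlink standing in for the file is refused by O_NOFOLLOW. */
    if (rc == 0 && (chmod(path, 0600) != 0 || symlink(path, link) != 0 ||
                    open_trusted_config(link) != -1)) rc = 6;
    unlink(link); unlink(path); rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo();
    if (rc == 0) printf("all checks behaved as expected\n");
    else printf("step %d failed\n", rc);
    return rc;
}
```

The ownership check only closes the door the report describes; it does not make a fixed, predictable path under /tmp a good place for per-user settings, since any local user can still pre-create the name and cause the open to fail. Moving the file under the user's home directory (and keeping the fstat() checks) removes the shared-directory problem entirely.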