CVE-2010-3843
Published: 2021-05-28
Priority: P337, high, CVSS 3.1: 7.8
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.31% (23.0th percentile)
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
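The description names two separate defects: the settings file is trusted without an ownership check, and sscanf() copies a token with no length limit. The C code below is an added example showing a countermeasure for each; it is not ettercap's code or its actual fix, and the `name = value` line format, `NAME_LEN`, and all three function names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define NAME_LEN 31 /* hypothetical cap; must match the %31s width below */

/* Parse one "name = value" line (format assumed for this example). The field
 * widths bound every write, and the trailing %c rejects leftover input. */
int parse_setting(const char *line, char name[NAME_LEN + 1], long *value)
{
    char extra;
    return sscanf(line, "%31s = %6ld %c", name, value, &extra) == 2 ? 0 : -1;
}

/* Open path only if it is a regular, singly linked file owned by `owner` and
 * not writable by group or others. O_NOFOLLOW refuses a symlink, and fstat()
 * checks the object that was actually opened rather than the path name. */
FILE *open_settings(const char *path, uid_t owner)
{
    struct stat st;
    FILE *f;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        st.st_nlink != 1 || (st.st_mode & (S_IWGRP | S_IWOTH)) ||
        (f = fdopen(fd, "r")) == NULL) {
        close(fd);
        return NULL;
    }
    return f;
}

/* Return the number of accepted settings, or -1 if the file is refused. */
int load_settings(const char *path, uid_t owner)
{
    char line[128], name[NAME_LEN + 1];
    long value;
    int accepted = 0;
    FILE *f = open_settings(path, owner);
    if (f == NULL)
        return -1;
    while (fgets(line, sizeof line, f) != NULL)
        accepted += (parse_setting(line, name, &value) == 0);
    fclose(f);
    return accepted;
}
```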
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ettercap | < ettercap 1:0.7.4-1 (bookworm) | ettercap 1:0.7.4-1 (bookworm) |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | >= 0 < 1:0.7.4-1 | 1:0.7.4-1 |
| ettercap-project | ettercap | >= 0 < 1:0.7.4-1 | 1:0.7.4-1 |
| ettercap-project | ettercap | >= 0 < 1:0.7.4-1 | 1:0.7.4-1 |
| ettercap-project | ettercap | >= 0 < 1:0.7.4-1 | 1:0.7.4-1 |
CVSS provenance
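| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |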
Debian
CVE-2010-3843: ettercap - The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk an...
vendor_debian·2010·CVSS 7.8
Scope: local
bookworm: resolved (fixed in 1:0.7.4-1)
bullseye: resolved (fixed in 1:0.7.4-1)
forky: resolved (fixed in 1:0.7.4-1)
sid: resolved (fixed in 1:0.7.4-1)
trixie: resolved (fixed in 1:0.7.4-1)
GHSA
GHSA-2w85-hj5c-563j: The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf
ghsa_unreviewed·2022-04-21
CVE-2010-3843 [HIGH] CWE-120 GHSA-2w85-hj5c-563j: The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf
The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by the root user, which allows local users to conduct stack-based buffer overflow attacks and possibly execute arbitrary code, cause a denial of service (memory consumption), or possibly have unspecified other impact via crafted lines in this file.
OSV
CVE-2010-3843: The GTK version of ettercap uses a global settings file at /tmp/
osv·2021-05-28·CVSS 7.8
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-3843 ettercap: insecure global settings file [epel-5]
bugzilla·2011-05-31·CVSS 7.8
epel-5 tracking bug for ettercap: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Resolved in 0.7.3-20, stable.
Bugzilla
CVE-2010-3843 ettercap: insecure global settings file [epel-4]
bugzilla·2011-05-31·CVSS 7.8
epel-4 tracking bug for ettercap: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
EPEL-4 has reached end of life and is no longer supported.
Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug.
See: http://lists.fedoraproject.org/pipermail/epel-announce/2012-February/000015.html
Bugzilla
CVE-2010-3843 ettercap: insecure global settings file
bugzilla·2010-10-15·CVSS 7.8
Dan Rosenberg reported [1] the following vulnerability in Ettercap-GTK:
The GTK version of ettercap uses a global settings file
at /tmp/.ettercap_gtk and does not verify ownership of this
file. When parsing this file for settings in gtkui_conf_read()
(src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows a
maliciously placed settings file to overflow a statically-sized buffer
on the stack. Stack-smashing protection catches it, but it still should
be fixed.
Verify with:
$ perl -e 'print "A"x500' > /tmp/.ettercap_gtk && ettercap -G
Firstly, the settings file should not be globally accessible without
checking ownership, which still gets hairy because an attacker could
create a symlink or hard link to a victim-controlled
Bugzilla
CVE-2010-3843 ettercap: insecure global settings file [fedora-all]
bugzilla·2010-10-15·CVSS 7.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=643453
Please note: this issue affects multiple support
http://article.gmane.org/gmane.comp.security.oss.general/3660
https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
https://bugzilla.redhat.com/show_bug.cgi?id=643453