CVE-2010-3844
Published 2019-11-12
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
Priority: P3 · 40 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 1.40% (69.2th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | ettercap | < ettercap 1:0.7.4-1 (bookworm) | ettercap 1:0.7.4-1 (bookworm) |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | >= 0 < 1:0.7.4-1 | 1:0.7.4-1 |
| ettercap-project | ettercap | >= 0 < 1:0.7.4-1 | 1:0.7.4-1 |
| ettercap-project | ettercap | >= 0 < 1:0.7.4-1 | 1:0.7.4-1 |
| ettercap-project | ettercap | >= 0 < 1:0.7.4-1 | 1:0.7.4-1 |
| ettercap | ettercap | — | — |
CVSS provenance
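| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | LOW | |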
GHSA
GHSA-2jff-xpp2-45x2: An unchecked sscanf() call in ettercap 0
ghsa_unreviewed·2022-04-21
CVE-2010-3844 [MEDIUM] GHSA-2jff-xpp2-45x2: An unchecked sscanf() call in ettercap 0
An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
OSV
CVE-2010-3844: An unchecked sscanf() call in ettercap before 0
osv·2019-11-12·CVSS 8.8
CVE-2010-3844 [HIGH] CVE-2010-3844: An unchecked sscanf() call in ettercap before 0
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
Debian
CVE-2010-3844: ettercap - An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary...
vendor_debian·2010·CVSS 8.8
CVE-2010-3844 [HIGH] CVE-2010-3844: ettercap - An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary...
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
Scope: local
bookworm: resolved (fixed in 1:0.7.4-1)
bullseye: resolved (fixed in 1:0.7.4-1)
forky: resolved (fixed in 1:0.7.4-1)
sid: resolved (fixed in 1:0.7.4-1)
trixie: resolved (fixed in 1:0.7.4-1)
No detection rules found.
Bugzilla
CVE-2010-3844 ettercap: insecure temporary settings file leads to stack buffer overflow
bugzilla·2019-11-14·CVSS 8.8
CVE-2010-3844 [HIGH] CVE-2010-3844 ettercap: insecure temporary settings file leads to stack buffer overflow
An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
Reference:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130
Bugzilla
CVE-2010-3843 ettercap: insecure global settings file
bugzilla·2010-10-15·CVSS 7.8
CVE-2010-3843 [HIGH] CVE-2010-3843 ettercap: insecure global settings file
Dan Rosenberg reported [1] the following vulnerability in Ettercap-GTK:
The GTK version of ettercap uses a global settings file
at /tmp/.ettercap_gtk and does not verify ownership of this
file. When parsing this file for settings in gtkui_conf_read()
(src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows a
maliciously placed settings file to overflow a statically-sized buffer
on the stack. Stack-smashing protection catches it, but it still should
be fixed.
Verify with:
$ perl -e 'print "A"x500' > /tmp/.ettercap_gtk && ettercap -G
Firstly, the settings file should not be globally accessible without
checking ownership, which still gets hairy because an attacker could
create a symlink or hard link to a victim-controlled
References:
https://access.redhat.com/security/cve/cve-2010-3844
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130
https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0
https://security-tracker.debian.org/tracker/CVE-2010-3844
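The two problems named in the report above (no ownership check on the settings file, and an unbounded sscanf() conversion into a fixed stack buffer) can be closed as in the following added example, which is not ettercap's code and not the fix from the referenced commit. The `name = value` line format, the 30-byte buffer and all function names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define NAME_LEN 30   /* assumed buffer size, for illustration */

/* Parse one "name = value" line (format assumed). Returns 1 on success,
 * 0 if the line is malformed or the name does not fit in NAME_LEN. */
int parse_setting(const char *line, char name[NAME_LEN], short *value)
{
    int used = 0;
    /* %29s stores at most 29 bytes plus the NUL; a bare %s has no limit. */
    if (sscanf(line, "%29s = %hd %n", name, value, &used) != 2)
        return 0;
    return used > 0 && line[used] == '\0';   /* reject trailing junk */
}

/* Open path only if it is a regular, single-link file owned by the caller.
 * O_NOFOLLOW refuses a symlink; fstat() checks the file actually opened. */
FILE *open_own_settings(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return NULL;
    }
    FILE *f = fdopen(fd, "r");
    if (f == NULL) close(fd);
    return f;
}

/* Returns the number of accepted lines, or -1 if the file was refused. */
int load_settings(const char *path)
{
    char line[128], name[NAME_LEN];
    short value;
    int accepted = 0;
    FILE *f = open_own_settings(path);
    if (f == NULL) return -1;
    while (fgets(line, sizeof line, f) != NULL)
        accepted += parse_setting(line, name, &value);
    fclose(f);
    return accepted;
}
```

An overlong name is rejected rather than truncated: after `%29s` stops, the literal `=` in the format fails to match the next input byte, so sscanf() returns 1 and the line is dropped.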