Joined: 12 May 2004
|Posted: Sat May 17, 2014 8:26 pm Post subject: [ GLSA 201405-12 ] Ettercap: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: Ettercap: Multiple vulnerabilities (GLSA 201405-12)
Date: May 17, 2014
Bug(s): #340897, #451198
Multiple vulnerabilities have been found in Ettercap, the worst of
which may allow execution of arbitrary code.
Ettercap is a suite of tools for content filtering, sniffing and man in
the middle attacks on a LAN.
Vulnerable: < 0.7.5.2
Unaffected: >= 0.7.5.2
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in Ettercap:
- Ettercap does not handle temporary files securely (CVE-2010-3843).
- A format string flaw in Ettercap could cause a buffer overflow
- A stack-based buffer overflow exists in Ettercap (CVE-2013-0722).
A remote attacker could entice a user to load a specially crafted
configuration file using Ettercap, possibly resulting in execution of
arbitrary code with the privileges of the process or a Denial of Service
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
There is no known workaround at this time.
All Ettercap users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.7.5.2"