Candidate: CVE-2010-3843
PublicDate: 2021-05-28 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3843
Description:
 The GTK version of ettercap uses a global settings file at
 /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing
 this file for settings in gtkui_conf_read()
 (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a
 maliciously placed settings file to overflow a statically-sized buffer on
 the stack.
Ubuntu-Description:
Notes:
 sbeattie> mitigated by YAMA on natty and newer
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130
 https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347
Priority: low
Discovered-by: Dan Rosenberg
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_ettercap:
 upstream: https://github.com/drizztbsd/ettercap/commit/7f8a7a8cc18fd852c795f3f531d98ca8b58f5cbc
upstream_ettercap: released (1:0.7.4-1)
hardy_ettercap: ignored (reached end-of-life)
lucid_ettercap: ignored (reached end-of-life)
natty_ettercap: ignored (reached end-of-life)
oneiric_ettercap: ignored (reached end-of-life)
precise_ettercap: ignored (reached end-of-life)
precise/esm_ettercap: DNE (precise was needs-triage)
quantal_ettercap: ignored (reached end-of-life)
raring_ettercap: ignored (reached end-of-life)
saucy_ettercap: ignored (reached end-of-life)
trusty_ettercap: not-affected (1:0.8.0-11ubuntu0.3)
trusty/esm_ettercap: DNE (trusty was not-affected [1:0.8.0-11ubuntu0.3])
utopic_ettercap: ignored (reached end-of-life)
vivid_ettercap: ignored (reached end-of-life)
vivid/stable-phone-overlay_ettercap: DNE
vivid/ubuntu-core_ettercap: DNE
wily_ettercap: ignored (reached end-of-life)
xenial_ettercap: not-affected (1:0.8.0-11ubuntu0.3)
yakkety_ettercap: ignored (reached end-of-life)
zesty_ettercap: ignored (reached end-of-life)
artful_ettercap: ignored (reached end-of-life)
bionic_ettercap: not-affected (1:0.8.0-11ubuntu0.3)
cosmic_ettercap: not-affected (1:0.8.0-11ubuntu0.3)
devel_ettercap: not-affected (1:0.8.0-11ubuntu0.3)