Insecure temporary file and stack buffer overflow
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ettercap (Debian) |
Fix Released
|
Unknown
|
|||
ettercap (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: ettercap
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfaces
Verify with:
$ perl -e 'print "A"x500' > /tmp/.ettercap_gtk && ettercap -G
Firstly, the settings file should not be globally accessible without checking ownership, which still gets hairy because an attacker could create a symlink or hard link to a victim-controlled file (unless you're using YAMA :p). The best thing would probably be to keep this file in the user's home directory instead.
Secondly, parsing configuration files should be robust against malformed input and not susceptible to trivial buffer overflows.
visibility: | private → public |
Changed in ettercap (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in ettercap (Debian): | |
status: | Unknown → New |
Changed in ettercap (Debian): | |
status: | New → Fix Released |
Fixed in my git => https:/ /github. com/drizztbsd/ ettercap/ commit/ 7f8a7a8cc18fd85 2c795f3f531d98c a8b58f5cbc