Vulnerabilites related to ettercap-project - ettercap
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B757BFA2-DFC1-4DB8-B838-25082E9EBB6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation."
},
{
"lang": "es",
"value": "Error de entero sin signo en la funci\u00f3n dissector_cvs en dissectors/ec_cvs.c en Ettercap 0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una contrase\u00f1a manipulada que desencadena una asignaci\u00f3n larga de memoria."
}
],
"id": "CVE-2014-9381",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:31.567",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71693"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/Ettercap/ettercap/pull/609"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/Ettercap/ettercap/pull/609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B757BFA2-DFC1-4DB8-B838-25082E9EBB6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow."
},
{
"lang": "es",
"value": "La funci\u00f3n radius_get_attribute en dissectors/ec_radius.c en Ettercap 0.8.1 realiza un molde incorrecto, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar un c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, lo que desencadena un desbordamiento de b\u00fafer basado en pila."
}
],
"id": "CVE-2014-9379",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:29.863",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71698"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/607"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "cve@mitre.org",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-12 22:15
Modified
2024-11-21 01:19
Severity ?
Summary
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2010-3844 | Broken Link, Third Party Advisory | |
| secalert@redhat.com | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0 | ||
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2010-3844 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2010-3844 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3844 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | 0.7.3 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2978311-721E-41CB-9F3B-6C6B8F492A1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack."
},
{
"lang": "es",
"value": "Una llamada a la funci\u00f3n sscanf() no comprobada en ettercap en versiones anteriores a la 0.7.5, permite que un archivo de configuraci\u00f3n temporal no seguro desborde un b\u00fafer de tama\u00f1o est\u00e1tico sobre la pila."
}
],
"id": "CVE-2010-3844",
"lastModified": "2024-11-21T01:19:44.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-12T22:15:10.713",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2010-3844"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2010-3844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3844"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-11 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | * | |
| ettercap-project | ettercap | 0.6.3.1 | |
| ettercap-project | ettercap | 0.7.2 | |
| ettercap-project | ettercap | 0.7.3 | |
| ettercap-project | ettercap | 0.7.4 | |
| ettercap-project | ettercap | 0.7.4.1 | |
| ettercap-project | ettercap | 0.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6B6096-C0C1-4B44-B093-46C5EB4F225B",
"versionEndIncluding": "0.7.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1E667A-42E3-42E9-9BFC-F2CE7AC315C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5F208A-D2C2-4EB7-9114-BBBFEDB85F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2978311-721E-41CB-9F3B-6C6B8F492A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67C5AFC4-D295-40DC-B595-08EE008B32B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33D13D1D-80B4-4D6D-84AA-1285478542A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0A97E-397A-4799-B325-A4DF992D7482",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n scan_load_hosts en ec_scan.c en Ettercap v0.7.5.1 y anteriores podr\u00eda permitir a usuarios locales obetner privilegios a trav\u00e9s de una lista de hosts troyanizada conteniendo una l\u00ednea larga."
}
],
"id": "CVE-2013-0722",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-11T22:55:01.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51731"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/23945/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securation.com/files/2013/01/ec.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/57175"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=451198"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/23945/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securation.com/files/2013/01/ec.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=451198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894092"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B757BFA2-DFC1-4DB8-B838-25082E9EBB6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n nbns_spoof en plug-ins/nbns_spoof/nbns_spoof.c en Ettercap 0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete netbios grande."
}
],
"id": "CVE-2014-9377",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:27.987",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71690"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/603"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "cve@mitre.org",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE87499-621C-4E4C-989E-D80B9FFA19FB",
"versionEndIncluding": "0.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n dissector_postgresql en dissectors/ec_postgresql.c en Ettercap en versiones anteriores a 0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un valor de longitud de contrase\u00f1a manipulado que es inconsistente con la longitud de contrase\u00f1a actual."
}
],
"id": "CVE-2014-6395",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:06.033",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71689"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "cve@mitre.org",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B757BFA2-DFC1-4DB8-B838-25082E9EBB6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c."
},
{
"lang": "es",
"value": "Desbordamiento inferior de entero en Ettercap 0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un (1) valor de tama\u00f1o variable peque\u00f1o en la funci\u00f3n dissector_dhcp en dissectors/ec_dhcp.c, (2) valor de longitud peque\u00f1o a la funci\u00f3n dissector_gg en dissectors/ec_gg.c o (3) longitud de cadena peque\u00f1a a la funci\u00f3n get_decode_len en ec_utils.c o una petici\u00f3n sin (4) nombre de usuario o (5) contrase\u00f1a a la funci\u00f3n dissector_TN3270 en dissectors/ec_TN3270.c."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/191.html\"\u003eCWE-191: Integer Underflow (Wrap or Wraparound)\u003c/a\u003e",
"id": "CVE-2014-9376",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:27.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71696"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/602"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/605"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/606"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/609"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "cve@mitre.org",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-28 13:15
Modified
2024-11-21 01:19
Severity ?
Summary
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://article.gmane.org/gmane.comp.security.oss.general/3660 | ||
| secalert@redhat.com | https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=643453 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://article.gmane.org/gmane.comp.security.oss.general/3660 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=643453 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | 0.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2978311-721E-41CB-9F3B-6C6B8F492A1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack."
},
{
"lang": "es",
"value": "La versi\u00f3n GTK de ettercap utiliza un archivo de configuraci\u00f3n global en /tmp/.ettercap_gtk y no verifica la propiedad de este archivo. Cuando se analiza este archivo en busca de configuraciones en gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), una llamada a sscanf() no verificada permite que un archivo de configuraciones malintencionado desborde un b\u00fafer de tama\u00f1o est\u00e1tico en la pila"
}
],
"id": "CVE-2010-3843",
"lastModified": "2024-11-21T01:19:44.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-28T13:15:07.283",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://article.gmane.org/gmane.comp.security.oss.general/3660"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://article.gmane.org/gmane.comp.security.oss.general/3660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643453"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B757BFA2-DFC1-4DB8-B838-25082E9EBB6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature."
},
{
"lang": "es",
"value": "La funci\u00f3n dissector_cvs en dissectors/ec_cvs.c en Ettercap 0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un paquete que contiene solo una firma CVS_LOGIN."
}
],
"id": "CVE-2014-9380",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:30.660",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71691"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/608"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "cve@mitre.org",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-15 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65344FA4-AE57-4D1A-A2EF-67FC5C09961A",
"versionEndIncluding": "0.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter."
},
{
"lang": "es",
"value": "La funci\u00f3n compile_tree en ef_compiler.c en la utilidad Etterfilter de Ettercap 0.8.2 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un filtro manipulado."
}
],
"id": "CVE-2017-6430",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-15T15:59:01.030",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3874"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/540223/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96582"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1038057"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Ettercap/ettercap/issues/782"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/540223/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Ettercap/ettercap/issues/782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE87499-621C-4E4C-989E-D80B9FFA19FB",
"versionEndIncluding": "0.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location."
},
{
"lang": "es",
"value": "La funci\u00f3n dissector_postgresql en dissectors/ec_postgresql.c en Ettercap en versiones anteriores a 0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente ejecutar un c\u00f3digo arbitrario a trav\u00e9s de una longitud de contrase\u00f1a manipulada, la que desencadena un car\u00e1cter 0 para ser escrito en una ubicaci\u00f3n de memoria arbitraria."
}
],
"id": "CVE-2014-6396",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:07.347",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71697"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "cve@mitre.org",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ettercap-project | ettercap | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B757BFA2-DFC1-4DB8-B838-25082E9EBB6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c."
},
{
"lang": "es",
"value": "Ettercap 0.8.1 no valida ciertos valores de retorno, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) nombre manipulado a la funci\u00f3n parse_line en mdns_spoof/mdns_spoof.c o (2) contrase\u00f1a codificada base64 manipulada a la funci\u00f3n dissector_imap en dissectors/ec_imap.c."
}
],
"id": "CVE-2014-9378",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:28.940",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71695"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/604"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/Ettercap/ettercap/pull/610"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "cve@mitre.org",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Ettercap/ettercap/pull/610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-9381 (GCVE-0-2014-9381)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71693",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71693"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71693",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71693"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201505-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71693"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/609",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9381",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6395 (GCVE-0-2014-6395)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 12:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:23.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "71689",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "71689",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201505-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "71689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71689"
},
{
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6395",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-09-15T00:00:00",
"dateUpdated": "2024-08-06T12:17:23.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9377 (GCVE-0-2014-9377)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71690"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71690"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201505-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/603",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/603"
},
{
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71690"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9377",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6396 (GCVE-0-2014-6396)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 12:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:23.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"name": "71697",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71697"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"name": "71697",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71697"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201505-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"name": "71697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71697"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6396",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-09-15T00:00:00",
"dateUpdated": "2024-08-06T12:17:23.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9378 (GCVE-0-2014-9378)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/610"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"name": "71695",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/610"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"name": "71695",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201505-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/610",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/610"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"name": "71695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71695"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/604",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9378",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3843 (GCVE-0-2010-3843)
Vulnerability from cvelistv5
Published
2021-05-28 12:14
Modified
2024-08-07 03:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:12.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643453"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.security.oss.general/3660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ettercap",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ettercap 0.7.5"
}
]
}
],
"datePublic": "2010-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T12:10:36",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643453"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://article.gmane.org/gmane.comp.security.oss.general/3660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ettercap",
"version": {
"version_data": [
{
"version_value": "ettercap 0.7.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=643453",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643453"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347"
},
{
"name": "http://article.gmane.org/gmane.comp.security.oss.general/3660",
"refsource": "MISC",
"url": "http://article.gmane.org/gmane.comp.security.oss.general/3660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3843",
"datePublished": "2021-05-28T12:14:46",
"dateReserved": "2010-10-08T00:00:00",
"dateUpdated": "2024-08-07T03:26:12.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9380 (GCVE-0-2014-9380)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/608"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"name": "71691",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/608"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"name": "71691",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201505-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/608",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/608"
},
{
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"name": "71691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9380",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9376 (GCVE-0-2014-9376)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/606"
},
{
"name": "71696",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/602"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/605"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/606"
},
{
"name": "71696",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/602"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/605"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201505-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/606",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/606"
},
{
"name": "71696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71696"
},
{
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/602",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/602"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/605",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/605"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/609",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9376",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9379 (GCVE-0-2014-9379)
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/pull/607"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71698"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201505-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Ettercap/ettercap/pull/607"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71698"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201505-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-01"
},
{
"name": "https://github.com/Ettercap/ettercap/pull/607",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/pull/607"
},
{
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "71698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71698"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9379",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6430 (GCVE-0-2017-6430)
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-05 15:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170306 CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540223/100/0/threaded"
},
{
"name": "96582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96582"
},
{
"name": "DSA-3874",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3874"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/issues/782"
},
{
"name": "1038057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170306 CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540223/100/0/threaded"
},
{
"name": "96582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96582"
},
{
"name": "DSA-3874",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3874"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Ettercap/ettercap/issues/782"
},
{
"name": "1038057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170306 CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540223/100/0/threaded"
},
{
"name": "96582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96582"
},
{
"name": "DSA-3874",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3874"
},
{
"name": "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506",
"refsource": "MISC",
"url": "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506"
},
{
"name": "https://github.com/Ettercap/ettercap/issues/782",
"refsource": "MISC",
"url": "https://github.com/Ettercap/ettercap/issues/782"
},
{
"name": "1038057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6430",
"datePublished": "2017-03-15T15:00:00",
"dateReserved": "2017-03-02T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0722 (GCVE-0-2013-0722)
Vulnerability from cvelistv5
Published
2013-01-11 22:00
Modified
2024-08-06 14:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securation.com/files/2013/01/ec.patch"
},
{
"name": "23945",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/23945/"
},
{
"name": "51731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51731"
},
{
"name": "57175",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=451198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securation.com/files/2013/01/ec.patch"
},
{
"name": "23945",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/23945/"
},
{
"name": "51731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51731"
},
{
"name": "57175",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=451198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-0722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securation.com/files/2013/01/ec.patch",
"refsource": "MISC",
"url": "http://www.securation.com/files/2013/01/ec.patch"
},
{
"name": "23945",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23945/"
},
{
"name": "51731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51731"
},
{
"name": "57175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57175"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=451198",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=451198"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=894092",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-0722",
"datePublished": "2013-01-11T22:00:00",
"dateReserved": "2013-01-02T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3844 (GCVE-0-2010-3844)
Vulnerability from cvelistv5
Published
2019-11-12 21:47
Modified
2024-08-07 03:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:11.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3844"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-3844"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ettercap",
"vendor": "ettercap",
"versions": [
{
"status": "affected",
"version": "0.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-18T20:11:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3844"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-3844"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3844",
"datePublished": "2019-11-12T21:47:08",
"dateReserved": "2010-10-08T00:00:00",
"dateUpdated": "2024-08-07T03:26:11.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}