CVE-2010-3843

Name of the Vulnerable Software and Affected Versions ettercap (affected versions not specified)

Description The issue is related to the gtkui conf read() function in the src/interfaces/gtk/ec gtk conf.c component of the ettercap tool, which is used for protection against MITM attacks in LAN. The problem arises from the lack of verification of the ownership of the /tmp/.ettercap gtk file. This can be exploited by an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service. The exploitation is possible due to an unchecked sscanf() call when parsing the settings file, allowing a maliciously placed settings file to overflow a statically-sized buffer on the stack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.