CVE-2014-9376

Name of the Vulnerable Software and Affected Versions Ettercap version 0.8.1

Description The issue is caused by an integer underflow, allowing remote attackers to potentially execute arbitrary code or cause a denial of service through an out-of-bounds write. This can be achieved by providing a small size variable value in the dissector dhcp function, a specific length value to the dissector gg function, or a string length to the get decode len function. Additionally, sending a request without a username or password to the dissector TN3270 function can also trigger the issue.

Recommendations For Ettercap version 0.8.1, consider disabling the dissector dhcp, dissector gg, and dissector TN3270 functions, as well as restricting the use of the get decode len function until a patch is available. Avoid using small size variable values, specific length values, or omitting the username or password in requests to minimize the risk of exploitation.