CVE-2014-9378

Name of the Vulnerable Software and Affected Versions Ettercap version 0.8.1

Description The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code. This can be achieved by sending a crafted name to the parse line function in mdns spoof/mdns spoof.c or a base64 encoded password to the dissector imap function in dissectors/ec imap.c.

Recommendations For Ettercap version 0.8.1, as a temporary workaround, consider disabling the parse line function in mdns spoof/mdns spoof.c and the dissector imap function in dissectors/ec imap.c until a patch is available. Avoid using base64 encoded passwords in the affected dissector imap function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.