CVE-2010-3843

NameCVE-2010-3843
DescriptionThe GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs600130

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ettercap (PTS)bullseye1:0.8.3.1-3fixed
bookworm1:0.8.3.1-11fixed
sid, trixie1:0.8.3.1-14fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ettercapsource(unstable)1:0.7.4-1unimportant600130

Notes

Very far-fetched attack vector
Search for package or bug name: Reporting problems