CVE-2013-0722

NameCVE-2013-0722
DescriptionStack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs697987

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ettercap (PTS)stretch1:0.8.2-6fixed
buster1:0.8.2-10fixed
bullseye1:0.8.3.1-3fixed
bookworm, sid1:0.8.3.1-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ettercapsourcesqueeze1:0.7.3-2.1+squeeze1
ettercapsource(unstable)1:0.7.5.1-2low697987

Notes

https://www.openwall.com/lists/oss-security/2013/01/10/2
http://www.exploit-db.com/exploits/23945/
https://secunia.com/advisories/51731/
Proposed patch http://www.securation.com/files/2013/01/ec.patch
Search for package or bug name: Reporting problems