Vulnerability Note VU#286468

Ettercap contains a format string error in the "curses_msg()" function

Overview

Ettercap has a format string vulnerability in the ncurses user interface.

I. Description

Ettercap is open-source software designed for man-in-the-middle attacks on LANs. Ettercap contains multiple user interfaces, including one written using ncurses, a library for manipulating text screens. In Ettercap v.NG-0.7.2, the ncurses user interface suffers from a format string defect. Previous versions may also be vulnerable.

curses_msg() in ec_curses.c calls wdg_scroll_print(), which takes a format string and its parameters and passes it to vw_printw(). curses_msg() uses one of its parameters as the format string. This input can include user-data, allowing for a format string vulnerability.

II. Impact

According to public reports, if Ettercap is running in ncurses mode, a malicious network packet can be constructed to execute arbitrary code.

III. Solution

Upgrade to Ettercap v.NG-0.7.3 or later.

Systems Affected

Vendor	Status	Date Notified
Debian	Vulnerable	11-Jul-2005
Ettercap	Vulnerable	21-Jun-2005
FreeBSD	Unknown	11-Jul-2005
Gentoo	Vulnerable	21-Jun-2005
NetBSD	Unknown	11-Jul-2005
OpenBSD	Unknown	11-Jul-2005

References

http://secunia.com/advisories/15535/
http://securitytracker.com/alerts/2005/May/1014084.html
http://ettercap.sourceforge.net/history.php
http://www.securityfocus.com/archive/1/402049

Credit

This report was created based on information from Ettercap maintainers.

This document was written by Hal Burch.

Other Information

Date Public:	2005-05-31
Date First Published:	2005-07-06
Date Last Updated:	2005-07-11
CERT Advisory:
CVE-ID(s):	CAN-2005-1796
NVD-ID(s):	CAN-2005-1796
US-CERT Technical Alerts:
Metric:	8.11
Document Revision:	19

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader