Package name
ettercap
Date
2013-04-09
Advisory ID
MDVSA-2013:077
Affected versions
MBS1 x86_64

Problem description

Updated ettercap package fixes security vulnerability:

The GTK version of ettercap uses a global settings file
at /tmp/.ettercap_gtk and does not verify ownership of this
file. When parsing this file for settings in gtkui_conf_read\(\)
(src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf\(\) call allows
a maliciously placed settings file to overflow a statically-sized
buffer on the stack (CVE-2010-3843).

Updated packages

MBS1 x86_64

 3b1926751ab8b544ccde86dc95c97784  mbs1/x86_64/ettercap-0.7.4.1-2.1.mbs1.x86_64.rpm 
 6896e3154851bb661e1129c22fdda1c4  mbs1/SRPMS/ettercap-0.7.4.1-2.1.mbs1.src.rpm

References