• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ettercap Remote Format String Vulnerability

Ettercap is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to utilizing it as a format specifier in a formatted printing function.

To exploit this vulnerability, an attacker would craft network data that will result in one of the protocol dissectors logging usernames and passwords. Other means of attack may also be possible.

This vulnerability allows remote attackers to modify arbitrary memory locations, resulting in the control of program execution, leading to the ability to execute arbitrary machine code in the context of the affected application.

This vulnerability is only exploitable when the curses user interface is being utilized by a user.