
MGASA-2012-0214

Date: August 12th, 2012
Affected releases: 2


Description:
Updated ettercap package fixes a security vulnerability:

The GTK version of ettercap uses a global settings file at
/tmp/.ettercap_gtk and does not verify ownership of this file. When
parsing this file for settings in gtkui_conf_read()
(src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows
a maliciously placed settings file to overflow a statically-sized
buffer on the stack (CVE-2010-3843).
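
The bug class described above, as an added example that is not ettercap's code or the upstream fix: a settings loader that verifies file ownership before reading and bounds the sscanf() string conversion. The function names, the NAME_LEN buffer size and the "name = value" line format are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define NAME_LEN 32 /* hypothetical size of the setting-name buffer */

/* Open a settings file only if it is a regular file, owned by the
 * calling user, and not writable by group or others. */
FILE *open_trusted_conf(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW); /* refuse symlinks */
    if (fd < 0)
        return NULL;
    /* Check the open descriptor, not the path, to avoid a check/use race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return NULL;
    }
    FILE *f = fdopen(fd, "r");
    if (!f) close(fd);
    return f;
}

/* Parse one "name = value" line. The width in %31s limits the write to
 * NAME_LEN bytes (31 characters plus NUL); a bare %s has no limit.
 * Returns 1 on success, 0 for a malformed line or over-long name. */
int parse_setting(const char *line, char name[NAME_LEN], int *value)
{
    int end = 0;
    if (sscanf(line, " %31s = %d %n", name, value, &end) != 2)
        return 0;
    return line[end] == '\0'; /* reject trailing junk */
}

int main(void)
{
    /* Constructed sample lines; the second has a 40-character name. */
    const char *lines[] = { "width = 42\n",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA = 1\n" };
    char name[NAME_LEN];
    int value;
    for (int i = 0; i < 2; i++)
        puts(parse_setting(lines[i], name, &value) ? "accepted" : "rejected");
    return 0;
}
```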


Updated Packages:
ettercap-0.7.4.1-1.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3843
http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072925.html
https://bugs.mageia.org/show_bug.cgi?id=6988