Vulnerability Development: Re:Potential hole in Ettercap 0.6.2

From: ALoR <Alor_at_iol.it>
Date: Tue, 04 Dec 2001 21:52:16 +0100

At 19.44 04-12-2001, you wrote:
>It is not configured as default from their source forge distribution
>files. I did find out that using %s instead of %x caused it to dump
>the current working directory:
>
>
>Pretty strange no doubt, but since you can't run as a regular user no real
>security implications...

Right, by default the suid option is disabled, and to suid it you have to
recompile it with an explicit option.

btw the next version will be fixed.

<full disclosure>
the problem was a forgotten "printf(buffer)" in the Interface_WExit(char
*buffer) function.
so to fix it simply replace the line 1252 of ec_interface.c with
printf("%s", buffer);
</full disclosure>

bye

    --==> ALoR <==---------------------- - - -

  ettercap project : http://ettercap.sourceforge.net
  e-mail: alor (at) users (dot) sourceforge (dot) net
Received on Dec 04 2001
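
The fix described in the message above, as an added example that is not part of the original post and is not ettercap's code: the untrusted text is passed as an argument to a constant "%s" format, and a small audit helper counts the conversion specifications that a bare printf(buffer) would have interpreted. The function names and the sample message are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical audit helper: count the '%' characters in s that printf
 * would treat as the start of a conversion specification if s were used
 * as the format string. "%%" is a literal percent sign and is skipped. */
static int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: consume both characters */
            s++;
            continue;
        }
        n++;                 /* any other '%' would be interpreted */
    }
    return n;
}

/* Hardened form of the exit-message path (hypothetical name): the format
 * is the constant "%s" and the untrusted text is only ever data.
 * The flawed form named in the post was the equivalent of printf(buffer). */
static int format_exit_message(char *out, size_t outlen, const char *buffer)
{
    return snprintf(out, outlen, "%s", buffer);
}

int main(void)
{
    /* Constructed sample input using the directives named in the thread. */
    const char *msg = "bad interface %s %x";
    char out[64];

    format_exit_message(out, sizeof out, msg);
    printf("directives in input: %d\n", count_format_directives(msg));
    printf("emitted verbatim:    %s\n", out);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag calls where a non-literal string is passed as the format with no arguments.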
