{"vuid":"VU#286468","idnumber":"286468","name":"Ettercap contains a format string error in the \"curses_msg()\" function","keywords":["Ettercap","format string","curses_msg() function","arbitrary code execution"],"overview":"Ettercap has a format string vulnerability in the ncurses user interface.","clean_desc":"Ettercap is open-source software designed for man-in-the-middle attacks on LANs. Ettercap contains multiple user interfaces, including one written using ncurses, a library for manipulating text screens. In Ettercap v.NG-0.7.2, the ncurses user interface suffers from a format string defect. Previous versions may also be vulnerable. curses_msg() in ec_curses.c calls wdg_scroll_print(), which takes a format string and its parameters and passes it to vw_printw(). curses_msg() uses one of its parameters as the format string. This input can include user-data, allowing for a format string vulnerability.","impact":"According to public reports, if Ettercap is running in ncurses mode, a malicious network packet can be constructed to execute arbitrary code.","resolution":"Upgrade to Ettercap v.NG-0.7.3 or later.","workarounds":"","sysaffected":"","thanks":"This report was created based on information from Ettercap maintainers.","author":"This document was written by Hal Burch.","public":["http://secunia.com/advisories/15535/","http://securitytracker.com/alerts/2005/May/1014084.html","http://ettercap.sourceforge.net/history.php","http://www.securityfocus.com/archive/1/402049"],"cveids":["CVE-2005-1796"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-06-01T13:38:54Z","publicdate":"2005-05-31T00:00:00Z","datefirstpublished":"2005-07-06T20:14:46Z","dateupdated":"2005-07-11T19:08:23Z","revision":19,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"5","cam_impact":"19","cam_easeofexploitation":"11","cam_attackeraccessrequired":"18","cam_scorecurrent":"8.1118125","cam_scorecurrentwidelyknown":"8.1118125","cam_scorecurrentwidelyknownexploited":"15.1655625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.1118125,"vulnote":null}