aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorrea <rea@FreeBSD.org>2013-01-17 03:13:31 +0800
committerrea <rea@FreeBSD.org>2013-01-17 03:13:31 +0800
commitc4c8277bad203ca563d0e378b013e9cac80e4c16 (patch)
treed1831516c5a138bedf073db97cb2cb83f9ae8b2a /security/vuxml
parent01ab61720c0326af8df44fa6820428b247dd77f8 (diff)
downloadfreebsd-ports-gnome-c4c8277bad203ca563d0e378b013e9cac80e4c16.tar.gz
freebsd-ports-gnome-c4c8277bad203ca563d0e378b013e9cac80e4c16.tar.zst
freebsd-ports-gnome-c4c8277bad203ca563d0e378b013e9cac80e4c16.zip
VuXML: document buffer overflow in ettercap (CVE-2013-0722)
Reviewed by: simon@
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml32
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 7137477cebdc..b45c8026f4a0 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,38 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1b9b199f-5efd-11e2-a1ee-c48508086173">
+ <topic>ettercap -- buffer overflow in target list parsing</topic>
+ <affects>
+ <package>
+ <name>ettercap</name>
+ <range><lt>0.7.4.1</lt></range>
+ <range><ge>0.7.5</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Host target list parsing routine in ettercap
+ 0.7.4-series prior to 0.7.4.1 and 0.7.5-series
+ is prone to the stack-based buffer overflow that
+ may lead to the code execution with the privileges
+ of the ettercap process.</p>
+ <p>In order to trigger this vulnerability, user or service
+ that use ettercap should be tricked to pass the crafted list
+ of targets via the "-j" option.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-0722</cvename>
+ <url>http://www.exploit-db.com/exploits/23945/</url>
+ <url>https://secunia.com/advisories/51731/</url>
+ </references>
+ <dates>
+ <discovery>2013-01-07</discovery>
+ <entry>2013-01-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d5e0317e-5e45-11e2-a113-c48508086173">
<topic>java 7.x -- security manager bypass</topic>
<affects>