svn commit: r310513 - head/security/vuxml
Eygene Ryabinkin
rea at FreeBSD.org
Wed Jan 16 19:13:32 UTC 2013
Author: rea
Date: Wed Jan 16 19:13:31 2013
New Revision: 310513
URL: http://svnweb.freebsd.org/changeset/ports/310513
Log:
VuXML: document buffer overflow in ettercap (CVE-2013-0722)
Reviewed by: simon@
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jan 16 19:11:43 2013 (r310512)
+++ head/security/vuxml/vuln.xml Wed Jan 16 19:13:31 2013 (r310513)
@@ -51,6 +51,38 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1b9b199f-5efd-11e2-a1ee-c48508086173">
+ <topic>ettercap -- buffer overflow in target list parsing</topic>
+ <affects>
+ <package>
+ <name>ettercap</name>
+ <range><lt>0.7.4.1</lt></range>
+ <range><ge>0.7.5</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Host target list parsing routine in ettercap
+ 0.7.4-series prior to 0.7.4.1 and 0.7.5-series
+ is prone to the stack-based buffer overflow that
+ may lead to the code execution with the privileges
+ of the ettercap process.</p>
+ <p>In order to trigger this vulnerability, user or service
+ that use ettercap should be tricked to pass the crafted list
+ of targets via the "-j" option.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-0722</cvename>
+ <url>http://www.exploit-db.com/exploits/23945/</url>
+ <url>https://secunia.com/advisories/51731/</url>
+ </references>
+ <dates>
+ <discovery>2013-01-07</discovery>
+ <entry>2013-01-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d5e0317e-5e45-11e2-a113-c48508086173">
<topic>java 7.x -- security manager bypass</topic>
<affects>
More information about the svn-ports-all
mailing list