From $URL :

Description

A vulnerability has been discovered in Ettercap, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "scan_load_hosts()" function (src/ec_scan.c) when parsing entries from hosts list, which can be exploited to cause a stack-based buffer overflow via an overly long entry.

Successful exploitation may allow execution of arbitrary code but requires tricking a user into using a malicious host file.

The vulnerability is confirmed in version 0.7.5.1. Other versions may also be affected.

Solution

No official solution is currently available.

Provided and/or discovered by

Sajjad Pourali

Original Advisory

http://www.exploit-db.com/exploits/23945/
CVE-2013-0722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0722): Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
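The kind of bounds check the advisory and CVE text above call for, as an added example that is not Ettercap's code or the upstream patch: each whitespace-delimited field of a hosts-list line is length-checked before it is copied into its fixed-size buffer, so an overly long entry is rejected instead of overrunning the stack. The "ip mac name" line layout, buffer sizes, function names and sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical buffer sizes (not Ettercap's constants). */
struct host_entry { char ip[46]; char mac[18]; char name[64]; };

/* Constructed sample lines: two valid, one short, one with an over-long name. */
static const char *const SAMPLE[] = {
    "192.0.2.10 00:11:22:33:44:55 gateway\n",
    "2001:db8::1 66:77:88:99:aa:bb host6\n",
    "192.0.2.11 00:11:22:33:44:56\n",
    "192.0.2.12 00:11:22:33:44:57 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n",
};

/* Copy one whitespace-delimited field; fail if missing or too long for dst. */
static int take_field(const char **p, char *dst, size_t cap)
{
    *p += strspn(*p, " \t");
    size_t n = strcspn(*p, " \t\r\n");
    if (n == 0 || n >= cap)   /* n == cap would leave no room for the NUL */
        return -1;
    memcpy(dst, *p, n);
    dst[n] = '\0';
    *p += n;
    return 0;
}

/* Parse "ip mac name"; 0 on success, -1 if the line is rejected. */
int parse_host_entry(const char *line, struct host_entry *out)
{
    const char *p = line;
    if (take_field(&p, out->ip, sizeof out->ip) ||
        take_field(&p, out->mac, sizeof out->mac) ||
        take_field(&p, out->name, sizeof out->name))
        return -1;
    return p[strspn(p, " \t\r\n")] == '\0' ? 0 : -1;   /* no trailing junk */
}

int accepts(const char *line)
{
    struct host_entry e;
    return parse_host_entry(line, &e) == 0;
}

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        printf("line %zu: %s\n", i + 1, accepts(SAMPLE[i]) ? "accepted" : "rejected");
    return 0;
}
```

Rejecting the whole line, rather than truncating a field, keeps a malformed hosts file from silently producing a different host entry than the one written.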
Arches, please test and mark stable:
=net-analyzer/ettercap-0.7.5.2
Target keywords : "alpha amd64 arm hppa ppc ppc64 sparc x86"
amd64 stable
x86 stable
ppc stable
ppc64 stable
Stable for HPPA.
alpha stable
sparc stable
arm stable
Added to existing GLSA draft.
This issue was resolved and addressed in GLSA 201405-12 at http://security.gentoo.org/glsa/glsa-201405-12.xml by GLSA coordinator Sean Amoss (ackle).