Vulnerability Development mailing list archives

Re:Potential hole in Ettercap 0.6.2


From: "w1re p4ir" <w1rep4ir () disinfo net>
Date: 4 Dec 2001 19:44:54 -0000

It is not configured as default from their SourceForge distribution files. I did find out that using %s instead 
of %x caused it to dump the current working directory:
ettercap %s%s%s%s%s%s%s%s%s%s%s
ettercap 0.6.0 brought from the dark side of the net by ALoR and NaGA...

may the packets be with you...


Invalid host address PWD=/rootÄôÿt$,èy²þÿÄ Äôhèi²þÿÄôj
ettercap0.6.0Uåì
                PWD=/rootÄÄüShiÿèZÿÿÄôjÿèDbÿÿìÜ !!

Pretty strange no doubt, but since you can't run as a regular user no real security implications...
w1re


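Added example, not part of the original post and not ettercap's source: the bug class behind the output above, where a command-line argument reaches a printf-family call as the format string, shown beside the corrected call and a small audit helper. The function names and the two-stage formatting pattern are assumptions made for illustration; the page does not show the affected code.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not ettercap's code. */

/* VULNERABLE pattern (shown for contrast, never called here): the
 * user-supplied host ends up inside msg, and msg is then used as a
 * format string, so "%s" or "%x" in it reads stray stack words. */
int report_bad_host_unsafe(char *out, size_t n, const char *host)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Invalid host address %s", host); /* fine */
    return snprintf(out, n, msg);   /* BUG: msg is data, not a format */
}

/* HARDENED: the format is a literal; host is only ever an argument. */
int report_bad_host_safe(char *out, size_t n, const char *host)
{
    return snprintf(out, n, "Invalid host address %s", host);
}

/* Audit helper: count conversion directives in untrusted input so a
 * wrapper or log filter can flag arguments like "%s%s%s". "%%" is a
 * literal percent sign and is not counted. */
size_t count_format_directives(const char *s)
{
    size_t hits = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        if (s[1] != '\0')
            hits++;
    }
    return hits;
}

int main(void)
{
    char buf[128];
    const char *arg = "%s%s%s%s%s%s%s%s%s%s%s";  /* argument from the post */
    report_bad_host_safe(buf, sizeof buf, arg);
    printf("%s\n(%zu directives in input)\n", buf,
           count_format_directives(arg));
    return 0;
}
```

Compilers flag the unsafe call with -Wformat-security; building with -Werror=format-security turns that warning into a build failure.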

