Vulnerability Details: CVE-2014-9378
Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c.
Vulnerability category: Input validation, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-9378
Probability of exploitation activity in the next 30 days: 11.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
CVSS scores for CVE-2014-9378
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2014-9378
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9378
- https://github.com/Ettercap/ettercap/pull/604
  Fix ignored dn_expand error by NickSampanis · Pull Request #604 · Ettercap/ettercap · GitHub
- https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
- https://security.gentoo.org/glsa/201505-01
  Ettercap: Multiple vulnerabilities (GLSA 201505-01) — Gentoo security
- http://www.securityfocus.com/archive/1/534248/100/0/threaded
  SecurityFocus
- http://www.securityfocus.com/bid/71695
  Ettercap 'mdns_spoof.c' Remote Denial of Service Vulnerability
- https://github.com/Ettercap/ettercap/pull/610
  Fix cvs ignore base64 error value by NickSampanis · Pull Request #610 · Ettercap/ettercap · GitHub
Products affected by CVE-2014-9378
- cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*