CVE-2014-9376 - Vulnerability Details - OpenCVE

Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ettercap-project	Ettercap

Configuration 1 [-]

cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/534248/100/0/threaded
http://www.securityfocus.com/bid/71696
https://github.com/Ettercap/ettercap/pull/602
https://github.com/Ettercap/ettercap/pull/605
https://github.com/Ettercap/ettercap/pull/606
https://github.com/Ettercap/ettercap/pull/609
https://security.gentoo.org/glsa/201505-01
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-19T15:00:00

Updated: 2024-08-06T13:40:25.200Z

Reserved: 2014-12-11T00:00:00

Link: CVE-2014-9376

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-12-19T15:59:27.097

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-9376

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201505-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201505-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ettercap/ettercap/pull/606"}, {"name": "71696", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71696"}, {"tags": ["x_refsource_MISC"], "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ettercap/ettercap/pull/602"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ettercap/ettercap/pull/605"}, {"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ettercap/ettercap/pull/609"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9376", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201505-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201505-01"}, {"name": "https://github.com/Ettercap/ettercap/pull/606", "refsource": "CONFIRM", "url": "https://github.com/Ettercap/ettercap/pull/606"}, {"name": "71696", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71696"}, {"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/", "refsource": "MISC", "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}, {"name": "https://github.com/Ettercap/ettercap/pull/602", "refsource": "CONFIRM", "url": "https://github.com/Ettercap/ettercap/pull/602"}, {"name": "https://github.com/Ettercap/ettercap/pull/605", "refsource": "CONFIRM", "url": "https://github.com/Ettercap/ettercap/pull/605"}, {"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"name": "https://github.com/Ettercap/ettercap/pull/609", "refsource": "CONFIRM", "url": "https://github.com/Ettercap/ettercap/pull/609"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:25.200Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201505-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201505-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ettercap/ettercap/pull/606"}, {"name": "71696", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71696"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ettercap/ettercap/pull/602"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ettercap/ettercap/pull/605"}, {"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ettercap/ettercap/pull/609"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9376", "datePublished": "2014-12-19T15:00:00", "dateReserved": "2014-12-11T00:00:00", "dateUpdated": "2024-08-06T13:40:25.200Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B757BFA2-DFC1-4DB8-B838-25082E9EBB6F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c."}, {"lang": "es", "value": "Desbordamiento inferior de entero en Ettercap 0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un (1) valor de tama\u00f1o variable peque\u00f1o en la funci\u00f3n dissector_dhcp en dissectors/ec_dhcp.c, (2) valor de longitud peque\u00f1o a la funci\u00f3n dissector_gg en dissectors/ec_gg.c o (3) longitud de cadena peque\u00f1a a la funci\u00f3n get_decode_len en ec_utils.c o una petici\u00f3n sin (4) nombre de usuario o (5) contrase\u00f1a a la funci\u00f3n dissector_TN3270 en dissectors/ec_TN3270.c."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/191.html\">CWE-191: Integer Underflow (Wrap or Wraparound)</a>", "id": "CVE-2014-9376", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-19T15:59:27.097", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/71696"}, {"source": "cve@mitre.org", "url": "https://github.com/Ettercap/ettercap/pull/602"}, {"source": "cve@mitre.org", "url": "https://github.com/Ettercap/ettercap/pull/605"}, {"source": "cve@mitre.org", "url": "https://github.com/Ettercap/ettercap/pull/606"}, {"source": "cve@mitre.org", "url": "https://github.com/Ettercap/ettercap/pull/609"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201505-01"}, {"source": "cve@mitre.org", "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71696"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Ettercap/ettercap/pull/602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Ettercap/ettercap/pull/605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Ettercap/ettercap/pull/606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Ettercap/ettercap/pull/609"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201505-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}