Bettercap MySQL Server Module Integer Coercion Vulnerability Leading to Remote Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in Bettercap versions through 2.41.5, specifically within the MySQL server module. The issue arises from improper handling of client handshake packets, where a crafted handshake can cause an integer coercion error. This flaw leads to a crash of the entire Bettercap process, disrupting any active sessions or services. The vulnerability can be exploited remotely by sending a specially crafted packet to the MySQL server port (3306).
Impact
Exploitation of this vulnerability causes Bettercap to crash, terminating the process and stopping any services that were running.
Reproduction
To reproduce this vulnerability, activate the MySQL server module in Bettercap and ensure it is listening on port 3306. Then, send a MySQL client handshake response that includes a specific byte configuration to trigger the crash. This can be done using a simple Python script that connects to the Bettercap instance, sends the crafted handshake, and causes the application to panic and exit.
Remediation
Users are advised to update to the patched version of Bettercap, which is available on the Bettercap GitHub Releases page.
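The affected code is not shown on this page, so the following added Go example (not Bettercap's code) illustrates the bug class in general form: a length taken from an untrusted packet is coerced to `int` and used to slice, which panics, next to a bounds-checked parser and a per-connection `recover`. The 8-byte length-prefixed format and the names `readFieldUnsafe`, `readFieldSafe` and `contained` are hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errBadLength = errors.New("declared length exceeds packet")

// readFieldUnsafe trusts the length prefix. int() on an attacker-chosen
// uint64 can go negative, and the slice expression then panics.
func readFieldUnsafe(pkt []byte) []byte {
	n := int(binary.LittleEndian.Uint64(pkt[:8]))
	return pkt[8 : 8+n]
}

// readFieldSafe compares the length, still unsigned, with the bytes that
// are actually present, and converts to int only after that check.
func readFieldSafe(pkt []byte) ([]byte, error) {
	if len(pkt) < 8 {
		return nil, errBadLength
	}
	n := binary.LittleEndian.Uint64(pkt[:8])
	if n > uint64(len(pkt)-8) {
		return nil, errBadLength
	}
	return pkt[8 : 8+int(n)], nil
}

// contained turns a parser panic into an error. An unrecovered panic in
// any goroutine ends the whole Go process, so each connection handler
// needs its own recover.
func contained(parse func([]byte) []byte, pkt []byte) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panic contained: %v", r)
		}
	}()
	return parse(pkt), nil
}

func main() {
	// Constructed sample: 8-byte length of all 0xff, then a 2-byte payload.
	bad := append([]byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 'h', 'i')
	_, err := contained(readFieldUnsafe, bad)
	fmt.Println("unsafe parser:", err)
	_, err = readFieldSafe(bad)
	fmt.Println("safe parser:  ", err)
}
```

Validating the length is the actual fix for this class of bug; the `recover` wrapper only limits the damage from a parser defect to the one connection that triggered it.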
