Ettercap
cpe:2.3:a:ettercap_project:ettercap:*:*:*:*:*:*:*
- <= 0.8.3
A heap-based buffer overflow vulnerability has been identified in Ettercap versions prior to 0.8.3. The issue resides in the GG Dissector component, specifically within the FUNC_DECODER function of the src/dissectors/ec_gg.c file. The vulnerability arises from inadequate bounds checking when copying data from an attacker-controlled argument, which leads to memory corruption. This flaw can be exploited remotely by sending crafted packets to the affected application.
Exploitation of this vulnerability causes a heap buffer overflow, which can lead to memory corruption, a denial-of-service condition, and potentially allow for further exploitation depending on the heap layout.
The vulnerability can be reproduced by running Ettercap in text mode on the network interface that will receive the crafted GG protocol packets. Once Ettercap is running, the vulnerability can be triggered by sending a packet that exploits the buffer overflow condition, such as one with a length greater than what the buffer can safely handle. After the packet is processed, the application will crash, indicating that the memory corruption has occurred.
Users are advised to upgrade to Ettercap version 0.8.4 or later, where this vulnerability has been fixed.
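The missing check described above, shown as an added C example; it is not Ettercap's code and not taken from ec_gg.c. The record layout, `FIELD_MAX` and `copy_field_checked` are hypothetical names chosen for illustration: the function validates an attacker-supplied length against both the captured bytes and the destination heap buffer before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 64 /* assumed capacity of the destination heap buffer */

/* Hypothetical record layout (NOT the real GG wire format):
 *   [4-byte little-endian length][that many bytes of field data]
 * Returns a NUL-terminated heap copy of the field, or NULL when the
 * record is truncated or its declared length does not fit. */
char *copy_field_checked(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt == NULL || pkt_len < 4)
        return NULL;                       /* header itself is incomplete */

    uint32_t declared = (uint32_t)pkt[0] | ((uint32_t)pkt[1] << 8) |
                        ((uint32_t)pkt[2] << 16) | ((uint32_t)pkt[3] << 24);

    /* Source check: never read past the bytes that were captured.
     * Written as a subtraction so the comparison cannot wrap. */
    if (declared > pkt_len - 4)
        return NULL;

    /* Destination check: the check an unbounded copy omits. Leave one
     * byte for the terminator. */
    if (declared >= FIELD_MAX)
        return NULL;

    char *buf = calloc(FIELD_MAX, 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, pkt + 4, declared);        /* declared <= FIELD_MAX - 1 */
    return buf;
}

int main(void)
{
    /* Constructed samples: one well-formed, one declaring 100 bytes. */
    uint8_t ok[] = {3, 0, 0, 0, 'a', 'b', 'c'};
    uint8_t oversized[4 + 100] = {100, 0, 0, 0};

    char *a = copy_field_checked(ok, sizeof ok);
    char *b = copy_field_checked(oversized, sizeof oversized);
    printf("ok -> %s, oversized -> %s\n", a ? a : "rejected", b ? b : "rejected");
    free(a);
    free(b);
    return 0;
}
```

Rejecting the record outright, rather than truncating it, keeps a malformed length from reaching later parsing stages.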