Multiple vulnerabilities have been found in Ettercap, the worst of which may allow execution of arbitrary code.
|Package||net-analyzer/ettercap on all architectures|
|Affected versions||< 0.7.5.2|
|Unaffected versions||>= 0.7.5.2|
Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN.
Multiple vulnerabilities have been discovered in Ettercap:
A remote attacker could entice a user to load a specially crafted configuration file using Ettercap, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
There is no known workaround at this time.
All Ettercap users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.7.5.2"