[Secure-testing-team] Re: ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c

Ulf Harnhammar metaur at telia.com
Sat Jul 9 14:19:12 UTC 2005


On Sat, Jul 09, 2005 at 02:58:23PM +0100, Roger Leigh wrote:
> > Just FYI, CAN-2005-1796 (Debian bug #311615) was fixed with ettercap
>  
> -   wdg_scroll_print(sysmsg_win, EC_COLOR, (char *)msg);
> +   wdg_scroll_print(sysmsg_win, EC_COLOR, "%s", (char *)msg);
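Review bot: the "%s" on the + line fixes this one call, but nothing here prevents the same mistake at any other wdg_scroll_print caller that passes a non-literal string in the third position. Declaring wdg_scroll_print with __attribute__((format(printf, 3, 4))) would let GCC's -Wformat-security flag such calls at compile time. The (char *) cast on msg is kept on both lines; if msg is already a char pointer the cast should go, since it can hide a const or type mismatch.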

This looks like a typical format string bug and not a buffer overflow.
cve.mitre.org describes it that way as well.

// Ulf
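The distinction drawn in the reply above, as an added example that is not part of the original message or of ettercap's code: the two call shapes from the patch are run on a constructed message that contains only the harmless "%%" escape, so the difference is visible without undefined behaviour. scroll_print, print_as_format, print_as_data and arg_consuming_directives are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style print routine such as the one
 * in the patch; it renders into a caller-supplied buffer. */
static int scroll_print(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Pre-fix call shape: the message text itself is the format string. */
static int print_as_format(char *out, size_t outsz, const char *msg)
{
    return scroll_print(out, outsz, msg);
}

/* Post-fix call shape: constant format, message passed as data. */
static int print_as_data(char *out, size_t outsz, const char *msg)
{
    return scroll_print(out, outsz, "%s", msg);
}

/* Count '%' directives other than the "%%" escape. Each one makes printf
 * fetch an argument; in the pre-fix call shape none was passed. */
static int arg_consuming_directives(const char *msg)
{
    int count = 0;
    for (size_t i = 0; msg[i] != '\0'; i++) {
        if (msg[i] == '%' && msg[i + 1] == '%')
            i++;                    /* "%%" prints a literal '%' */
        else if (msg[i] == '%')
            count++;                /* conversion, or a dangling '%' */
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *msg = "load 50%% done";   /* constructed sample message */
    print_as_format(a, sizeof a, msg);
    print_as_data(b, sizeof b, msg);
    printf("as format: %s\nas data:   %s\n", a, b);
    return 0;
}
```

The output buffer is bounded by vsnprintf in both calls, so neither overflows; what changes is whether the message text is interpreted, which is the format string classification the reply gives.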
