CVE-2002-0276

Ettercap <= 0.6.3.1 - Remote Code Execution via Large Packet Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0276. PoCs published by Fermín J. Serna.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Ettercap 0.6.3.1 by sending a crafted packet with a large payload to overwrite stack data, leading to arbitrary code execution. It leverages interfaces with MTU larger than 2000 bytes to trigger the overflow.

Description

Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Fermín J. Serna · cremotelinux
https://www.exploit-db.com/exploits/21289

This exploit targets a buffer overflow vulnerability in Ettercap 0.6.3.1 by sending a crafted packet with a large payload to overwrite stack data, leading to arbitrary code execution. It leverages interfaces with MTU larger than 2000 bytes to trigger the overflow.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ettercap 0.6.3.1
No auth needed
Prerequisites: Interface with MTU > 2000 bytes · Ettercap running on target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101370874219511&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4104
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8200.php

Scores

EPSS 0.0496
EPSS Percentile 91.1%

Details

Status published
Products (1)
ettercap/ettercap 0.6.3.1
Published May 31, 2002
Tracked Since Feb 18, 2026