Vulnerabilities > CVE-2014-5439 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

sniffit-project

debian

CWE-787

nessus

NVD

Published: 2019-11-19

Updated: 2024-11-21

Summary

Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Sniffit_Project Sniffit Project Sniffit 0.1.0 Sniffit Project Sniffit 0.1.1 Sniffit Project Sniffit 0.1.2 Sniffit Project Sniffit 0.2.0 Sniffit Project Sniffit 0.2.1 Sniffit Project Sniffit 0.2.2 Sniffit Project Sniffit 0.3.0 Sniffit Project Sniffit 0.3.1 Sniffit Project Sniffit 0.3.2 Sniffit Project Sniffit 0.3.3 Sniffit Project Sniffit 0.3.4 Sniffit Project Sniffit 0.3.5 Sniffit Project Sniffit 0.3.6 Sniffit Project Sniffit 0.3.7	14
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0 Debian Debian Linux 10.0	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-713.NASL
description	It was discovered that there was a buffer overflow in the packet sniffer and monitoring tool
last seen	2020-03-17
modified	2016-11-22
plugin id	95029
published	2016-11-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95029
title	Debian DLA-713-1 : sniffit security update

Packetstorm

data source	https://packetstormsecurity.com/files/download/129292/sniffit-escalate.txt
id	PACKETSTORM:129292
last seen	2016-12-05
published	2014-11-27
reporter	Hector Marco
source	https://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html
title	Sniffit Root Shell

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Packetstorm

References