CVE-2014-5439

Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code.

Published: Nov 19, 2019
Updated: Apr 13, 2023
CVE: CVE-2014-5439
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
sniffit_project / sniffit	-	0.3.7.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x

http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html
http://seclists.org/fulldisclosure/2014/Nov/88
http://www.securityfocus.com/bid/71318

Vulnerability Database

CVE-2014-5439

Deep Security Visibility Without the Complexity