CVE-2014-5439 - Root shell on Sniffit [with exploit]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

CVE-2014-5439 - Root shell on Sniffit

Sniffit is a packet sniffer and monitoring tool.
The attacker can create a specially-crafted sniffit configuration file, which is able 
to bypass all three protection mechanisms:

  -  Non-eXecutable bit NX
  -  Stack Smashing Protector SSP
  -  Address Space Layout Randomisation ASLR

And execute arbitrary code with root privileges.

Exploit, fix and discussion in:

http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html


Regards,
Hector Marco.
http://hmarco.org

Cybersecurity researcher at:
http://cybersecurity.upv.es/
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux