Full Disclosure mailing list archives
CVE-2014-5439 - Root shell on Sniffit [with exploit]
From: Hector Marco <hecmargi () upv es>
Date: Wed, 26 Nov 2014 16:22:57 +0100
CVE-2014-5439 - Root shell on Sniffit Sniffit is a packet sniffer and monitoring tool.The attacker can create a specially-crafted sniffit configuration file, which is able
to bypass all three protection mechanisms: - Non-eXecutable bit NX - Stack Smashing Protector SSP - Address Space Layout Randomisation ASLR And execute arbitrary code with root privileges. Exploit, fix and discussion in: http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html Regards, Hector Marco. http://hmarco.org Cybersecurity researcher at: http://cybersecurity.upv.es/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2014-5439 - Root shell on Sniffit [with exploit] Hector Marco (Nov 26)