Sniffit Mail Logging Buffer Overflow Vulnerability
BID:1158
Info
Sniffit Mail Logging Buffer Overflow Vulnerability
| Bugtraq ID: | 1158 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0343 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | This vulnerability was discovered by FuSyS <[email protected]> of s0ftpr0ject 2k - Digital security for Y2K (s0ftpj) no-profit security research. |
| Vulnerable: |
Brecht Claerhout Sniffit 0.3.7 beta Brecht Claerhout Sniffit 0.3.6 HIP |
| Not Vulnerable: | |
Discussion
Sniffit Mail Logging Buffer Overflow Vulnerability
Sniffit is a freely available, open source network monitoring tool. It is designed for use on the Unix and Linux Operating Systems.
Sniffit contains a remotely exploitable buffer overflow vulnerability. If Sniffit is configured to log emails, attackers may be able to exploit a stack overflow in the logging mechanism and execute arbitrary code as root on the underlying host.
There may be other buffer overflow vulnerabilities in sniffit related to the logging mechanism. There are several suspicious instances of sprintf() in the logging functions. Administrators are advised to use more actively supported alternatives such as Snort or dsniff.
Sniffit is a freely available, open source network monitoring tool. It is designed for use on the Unix and Linux Operating Systems.
Sniffit contains a remotely exploitable buffer overflow vulnerability. If Sniffit is configured to log emails, attackers may be able to exploit a stack overflow in the logging mechanism and execute arbitrary code as root on the underlying host.
There may be other buffer overflow vulnerabilities in sniffit related to the logging mechanism. There are several suspicious instances of sprintf() in the logging functions. Administrators are advised to use more actively supported alternatives such as Snort or dsniff.
Exploit / POC
Sniffit Mail Logging Buffer Overflow Vulnerability
Solution / Fix
Sniffit Mail Logging Buffer Overflow Vulnerability
Solution:
Sniffit is not actively maintained or supported. Users are advised to use an alternative packet sniffer such as Snort or dsniff.
Some vendor-specific patches have been created:
Brecht Claerhout Sniffit 0.3.6 HIP
Brecht Claerhout Sniffit 0.3.7 beta
Solution:
Sniffit is not actively maintained or supported. Users are advised to use an alternative packet sniffer such as Snort or dsniff.
Some vendor-specific patches have been created:
Brecht Claerhout Sniffit 0.3.6 HIP
-
Debian sniffit_0.3.7.beta-6.1.diff.gz
http://ftp.debian.org/debian/dists/stable/main/source/net/sniffit_0.3. 7.beta-6.1.diff.gz
Brecht Claerhout Sniffit 0.3.7 beta
-
Debian sniffit_0.3.7.beta-6.1.diff.gz
http://ftp.debian.org/debian/dists/stable/main/source/net/sniffit_0.3. 7.beta-6.1.diff.gz
References
Sniffit Mail Logging Buffer Overflow Vulnerability
References:
References:
- s0ftpr0ject 2k (FuSyS)
- Sniffit HomePage (Brecht Claerhout: [email protected])