AntiSniff DNS Overflow Vulnerability

BID:1207

Info

AntiSniff DNS Overflow Vulnerability

Bugtraq ID: 1207
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: Yes
Published: May 16 2000 12:00AM
Updated: May 16 2000 12:00AM
Credit: This problem was discovered by Hugo Breton ([email protected]) who works for PGCI http://www.pgci.ca and was published by L0pht/@Stake in a vendor advisory 5.15.2000.
Vulnerable: @Stake AntiSniff - Researchers Version 1.0
@Stake AntiSniff 1.0.1
Not Vulnerable:

Discussion

AntiSniff DNS Overflow Vulnerability

Certain versions of @Stake Inc.'s Antisniffer software contain a remotely exploitable buffer overflow. AntiSniff is a program that was released by L0pht Heavy Industries in July of 1999. It attempts, through a number of tests, to determine if a machine on a local network segment is listening to traffic that is not directed to it (commonly referred to as sniffing). During one particular test there is a problem if a packet that does not adhere to DNS specifications is sent to the AntiSniff machine. This can result in a buffer overflow on the system running AntiSniff. If the packet is crafted appropriately this overflow scenario can be exploited to execute arbitrary code on the system.

This scenario is only possible if AntiSniff is configured to run the DNS test and only during the time the test is running. Nonetheless, it is a vulnerability that should not be ignored and has even been found in other promiscuous mode detection programs as well.

NOTE:

This information was taken verbatim from the L0pht advisory on the subject. This advisory is attached in full in the 'Credit' section of this advisory.

Exploit / POC

Solution / Fix

AntiSniff DNS Overflow Vulnerability

Solution:
Immediate Solution:

Do not run the DNS tests on AntiSniff version 1.01 or the Researchers version 1.0. Download the newer version from http://www.l0pht.com/antisniff which are labeled AntiSniff version 1.02 for the commercial instance and AntiSniff version 1-1 for the researchers instance.


@Stake AntiSniff - Researchers Version 1.0

@Stake AntiSniff 1.0.1

References

AntiSniff DNS Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report