CVE-2014-5439 - root shell on sniffit

Ismael Ripoll, Hector Marco

Research output: Other contribution

Abstract

Sniffit is a packet sniffer and monitoring tool. A bug in sniffit prior to 0.3.7 has been found. The bug is caused by an incorrect implementation of the functions clean_filename() and clean_string() which causes a stack buffer overflow when parsing a configuration file with "long" paths (more than 20 characters).

The attacker can to create a specially-crafted sniffit configuration file, which is able to bypass all three protection mechanisms:

Non-eXecutable bit NX
Stack Smashing Protector SSP
Address Space Layout Randomisation ASLR
And execute arbitrary code with root privileges (the id of the user that launches the sniffit).
The new issue has been assigned CVE-2014-5439.

The presented PoC successfully exploits the vulnerability.
LanguageEnglish
TypeCVE-2014-5439
Publisherhttp://hmarco.org
StatePublished - 2014

Fingerprint

Monitoring

Cite this

@misc{61490497736240f9929438c7db915c56,
title = "CVE-2014-5439 - root shell on sniffit",
abstract = "Sniffit is a packet sniffer and monitoring tool. A bug in sniffit prior to 0.3.7 has been found. The bug is caused by an incorrect implementation of the functions clean_filename() and clean_string() which causes a stack buffer overflow when parsing a configuration file with {"}long{"} paths (more than 20 characters).The attacker can to create a specially-crafted sniffit configuration file, which is able to bypass all three protection mechanisms:Non-eXecutable bit NXStack Smashing Protector SSPAddress Space Layout Randomisation ASLRAnd execute arbitrary code with root privileges (the id of the user that launches the sniffit).The new issue has been assigned CVE-2014-5439.The presented PoC successfully exploits the vulnerability.",
author = "Ismael Ripoll and Hector Marco",
year = "2014",
language = "English",
publisher = "http://hmarco.org",
type = "Other",

}

CVE-2014-5439 - root shell on sniffit. / Ripoll, Ismael; Marco, Hector.

http://hmarco.org. 2014, CVE-2014-5439.

Research output: Other contribution

TY - GEN

T1 - CVE-2014-5439 - root shell on sniffit

AU - Ripoll,Ismael

AU - Marco,Hector

PY - 2014

Y1 - 2014

N2 - Sniffit is a packet sniffer and monitoring tool. A bug in sniffit prior to 0.3.7 has been found. The bug is caused by an incorrect implementation of the functions clean_filename() and clean_string() which causes a stack buffer overflow when parsing a configuration file with "long" paths (more than 20 characters).The attacker can to create a specially-crafted sniffit configuration file, which is able to bypass all three protection mechanisms:Non-eXecutable bit NXStack Smashing Protector SSPAddress Space Layout Randomisation ASLRAnd execute arbitrary code with root privileges (the id of the user that launches the sniffit).The new issue has been assigned CVE-2014-5439.The presented PoC successfully exploits the vulnerability.

AB - Sniffit is a packet sniffer and monitoring tool. A bug in sniffit prior to 0.3.7 has been found. The bug is caused by an incorrect implementation of the functions clean_filename() and clean_string() which causes a stack buffer overflow when parsing a configuration file with "long" paths (more than 20 characters).The attacker can to create a specially-crafted sniffit configuration file, which is able to bypass all three protection mechanisms:Non-eXecutable bit NXStack Smashing Protector SSPAddress Space Layout Randomisation ASLRAnd execute arbitrary code with root privileges (the id of the user that launches the sniffit).The new issue has been assigned CVE-2014-5439.The presented PoC successfully exploits the vulnerability.

M3 - Other contribution

PB - http://hmarco.org

ER -