CVE-2014-5439 - OpenCVE

Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Sniffit Project	Sniffit

Configuration 1 [-]

cpe:2.3:a:sniffit_project:sniffit:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

References

Link	Resource
http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html	Exploit Patch Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2014/Nov/88
http://www.securityfocus.com/bid/71318

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-19T15:05:09

Updated: 2020-02-07T16:16:15

Reserved: 2014-08-22T00:00:00

Link: CVE-2014-5439

JSON object: View

NVD Information

Status : Modified

Published: 2019-11-19T16:15:11.290

Modified: 2020-08-18T15:05:57.937

Link: CVE-2014-5439

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-07T16:16:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/71318"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2014/Nov/88"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5439", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html"}, {"name": "http://www.securityfocus.com/bid/71318", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/71318"}, {"name": "http://seclists.org/fulldisclosure/2014/Nov/88", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2014/Nov/88"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5439", "datePublished": "2019-11-19T15:05:09", "dateReserved": "2014-08-22T00:00:00", "dateUpdated": "2020-02-07T16:16:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sniffit_project:sniffit:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1646259-13DC-40F6-B7BA-708FC4077BE3", "versionEndIncluding": "0.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code."}, {"lang": "es", "value": "Existen varias vulnerabilidades de desbordamiento de b\u00fafer basadas en pila en Sniffit anterior a la versi\u00f3n 0.3.7 a trav\u00e9s de un archivo de configuraci\u00f3n especialmente dise\u00f1ado que omitir\u00e1 el bit NX no ejecutable, el SSP protector de aplastamiento de pila y los mecanismos de protecci\u00f3n ASLR de aleatorizaci\u00f3n del dise\u00f1o de espacio de direcciones, lo que podr\u00eda permitir que un usuario malintencionado se ejecute c\u00f3digo arbitrario"}], "id": "CVE-2014-5439", "lastModified": "2020-08-18T15:05:57.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-19T16:15:11.290", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2014/Nov/88"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/71318"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}