CVE-2014-5439 - Root shell on Sniffit Sniffit is a packet sniffer and monitoring tool.
The attacker can create a specially-crafted sniffit configuration file, which is able
to bypass all three protection mechanisms: - Non-eXecutable bit NX - Stack Smashing Protector SSP - Address Space Layout Randomisation ASLR And execute arbitrary code with root privileges. Exploit, fix and discussion in: http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html Regards, Hector Marco. http://hmarco.org Cybersecurity researcher at: http://cybersecurity.upv.es/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/