Title: Sniffit Mail Logging Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
Sniffit is a freely available, open source network monitoring tool. It is designed for use on the Unix and Linux Operating Systems.
Sniffit contains at least one remotely exploitable buffer overflow vulnerability.
Sniffit can be configured to log specific traffic such as authentication information and emails at the command line using the -L parameter. When Sniffit attempts to log an email and the 'From:' line is greater than 250 bytes, a stack overflow occurs. The overflow is the result of an unbounded 'sprintf()' call.
The overflow can result in the corruption of stack variables, including the return address of the affected function and can ultimately result in the execution of arbitrary code.
This could be exploited by a remote attacker to execute arbitrary code as root on the server running Sniffit.
There may be other buffer overflow vulnerabilities in Sniffit related to the logging mechanism. There are several suspicious instances of sprintf() in the logging functions. Administrators are advised to use more actively supported alternatives such as Snort or dsniff.
Affected Products:
- Brecht Claerhout Sniffit 0.3.6 HIP
- Brecht Claerhout Sniffit 0.3.7 beta
References:
- Brecht Claerhout: coder@reptile.rug.ac.be: Sniffit HomePage
- FuSyS: s0ftpr0ject 2k
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
