CVE-2014-5439

NameCVE-2014-5439
DescriptionMultiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-713-1
Debian Bugs845122

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sniffit (PTS)bullseye0.5-1fixed
bookworm0.5-3fixed
sid0.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sniffitsourcewheezy0.3.7.beta-16.1+deb7u1DLA-713-1
sniffitsourcejessie0.3.7.beta-17+deb8u1
sniffitsource(unstable)0.3.7.beta-20845122

Notes

http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html
Search for package or bug name: Reporting problems