Published: 19 November 2019
Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code.
From the Ubuntu security team
It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code.
CVSS 3 base score: 7.8
Launchpad, Ubuntu, Debian
|Ubuntu 20.04 LTS (Focal Fossa)||
|Ubuntu 18.04 LTS (Bionic Beaver)||
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
Does not exist
(trusty was released [0.3.7.beta-17+deb8u1build0.14.04.1])
sniffit is not setuid, so this issue only affects configurations where a user is only permitted to run a subset of administrative (e.g. using a sudo configuration that only allows a user to run sniffit).