CVE-2000-0343
Published 2000-05-02
CVE-2000-0343: Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.
Priority P3 | 34 | critical | 10 | CVSS 2.0
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 5.60% (91.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| brecht_claerhout | sniffit | — | — |
| brecht_claerhout | sniffit | — | — |
No detection rules found.
Exploit-DB
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 Beta - Mail Logging Buffer Overflow (3)
exploitdb·2002-01-18
---
// source: https://www.securityfocus.com/bid/1158/info
Sniffit is a freely available, open source network monitoring tool. It is designed for use on the Unix and Linux operating systems.
Sniffit contains a remotely exploitable buffer overflow vulnerability. If Sniffit is configured to log emails, attackers may be able to exploit a stack overflow in the logging mechanism and execute arbitrary code as root on the underlying host.
There may be other buffer overflow vulnerabilities in Sniffit related to the logging mechanism. There are several suspicious instances of sprintf() in the logging functions. Administrators are advised to use more actively supported alternatives such as Snort or dsniff.
/*
Rem
Exploit-DB
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 Beta - Mail Logging Buffer Overflow (2)
exploitdb·2000-05-02
---
// source: https://www.securityfocus.com/bid/1158/info
/*
* 5n
Exploit-DB
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 Beta - Mail Logging Buffer Overflow (1)
exploitdb·2000-05-02
---
// source: https://www.securityfocus.com/bid/1158/info
/*
* Sn
No writeups or analysis indexed.
Published: 2000-05-02