[SECURITY] [DLA 713-1] sniffit security update

2016-11-2108:47:40

lists.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.9%

JSON

Package : sniffit
Version : 0.3.7.beta-16.1+deb7u1
CVE ID : CVE-2014-5439
Debian Bug : 845122

It was discovered that there was a buffer overflow in the packet sniffer and
monitoring tool "sniffit" which allowed a specially-crafted configuration file
to provide a root shell.

For Debian 7 "Wheezy", this issue has been fixed in sniffit version
0.3.7.beta-16.1+deb7u1.

We recommend that you upgrade your sniffit packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8ppc64elsniffit< 0.3.7.beta-17+deb8u1sniffit_0.3.7.beta-17+deb8u1_ppc64el.deb
Debian7armhfsniffit< 0.3.7.beta-16.1+deb7u1sniffit_0.3.7.beta-16.1+deb7u1_armhf.deb
Debian8mipselsniffit< 0.3.7.beta-17+deb8u1sniffit_0.3.7.beta-17+deb8u1_mipsel.deb
Debian8amd64sniffit< 0.3.7.beta-17+deb8u1sniffit_0.3.7.beta-17+deb8u1_amd64.deb
Debian7allsniffit< 0.3.7.beta-16.1+deb7u1sniffit_0.3.7.beta-16.1+deb7u1_all.deb
Debian8mipssniffit< 0.3.7.beta-17+deb8u1sniffit_0.3.7.beta-17+deb8u1_mips.deb
Debian8s390xsniffit< 0.3.7.beta-17+deb8u1sniffit_0.3.7.beta-17+deb8u1_s390x.deb
Debian8i386sniffit< 0.3.7.beta-17+deb8u1sniffit_0.3.7.beta-17+deb8u1_i386.deb
Debian8armelsniffit< 0.3.7.beta-17+deb8u1sniffit_0.3.7.beta-17+deb8u1_armel.deb
Debian7armelsniffit< 0.3.7.beta-16.1+deb7u1sniffit_0.3.7.beta-16.1+deb7u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	ppc64el	sniffit	< 0.3.7.beta-17+deb8u1	sniffit_0.3.7.beta-17+deb8u1_ppc64el.deb
Debian	7	armhf	sniffit	< 0.3.7.beta-16.1+deb7u1	sniffit_0.3.7.beta-16.1+deb7u1_armhf.deb
Debian	8	mipsel	sniffit	< 0.3.7.beta-17+deb8u1	sniffit_0.3.7.beta-17+deb8u1_mipsel.deb
Debian	8	amd64	sniffit	< 0.3.7.beta-17+deb8u1	sniffit_0.3.7.beta-17+deb8u1_amd64.deb
Debian	7	all	sniffit	< 0.3.7.beta-16.1+deb7u1	sniffit_0.3.7.beta-16.1+deb7u1_all.deb
Debian	8	mips	sniffit	< 0.3.7.beta-17+deb8u1	sniffit_0.3.7.beta-17+deb8u1_mips.deb
Debian	8	s390x	sniffit	< 0.3.7.beta-17+deb8u1	sniffit_0.3.7.beta-17+deb8u1_s390x.deb
Debian	8	i386	sniffit	< 0.3.7.beta-17+deb8u1	sniffit_0.3.7.beta-17+deb8u1_i386.deb
Debian	8	armel	sniffit	< 0.3.7.beta-17+deb8u1	sniffit_0.3.7.beta-17+deb8u1_armel.deb
Debian	7	armel	sniffit	< 0.3.7.beta-16.1+deb7u1	sniffit_0.3.7.beta-16.1+deb7u1_armel.deb