CVE-2000-0343

Sniffit 0.3.x - Remote Code Execution via Long MAIL FROM Header

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2000-0343. PoCs published by g463, MaXX, FuSyS.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Sniffit 0.3.7.beta's mail logging functionality. It crafts a malicious SMTP 'mail from:' command to overflow a buffer, redirect execution to a port-binding shellcode (port 10000), and achieve remote code execution as root.

Description

Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.

Exploits (3)

exploitdb WORKING POC VERIFIED

by g463 · cremotemultiple

https://www.exploit-db.com/exploits/19888

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Sniffit 0.3.7.beta's mail logging functionality. It crafts a malicious SMTP 'mail from:' command to overflow a buffer, redirect execution to a port-binding shellcode (port 10000), and achieve remote code execution as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sniffit 0.3.7.beta

No auth needed

Prerequisites: Sniffit configured with -L normmail · Network access to the target's SMTP port (25)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by MaXX · cremotemultiple

https://www.exploit-db.com/exploits/19887

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Sniffit 0.3.7.beta's email logging mechanism. It crafts a malicious packet to overflow the stack and execute shellcode that adds a root user to /etc/passwd.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sniffit 0.3.7.beta

No auth needed

Prerequisites: Sniffit configured to log emails · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by FuSyS · cremotemultiple

https://www.exploit-db.com/exploits/19886

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Sniffit 0.3.7beta's email logging mechanism, allowing remote code execution as root. It uses a modified shellcode to bypass input filters and overwrites the return address to execute arbitrary code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sniffit <= 0.3.7beta

No auth needed

Prerequisites: Sniffit configured to log emails · Network access to the target host

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1158

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005021736.TAA01991%40ALuSSi

Scores

EPSS 0.0560

EPSS Percentile 91.9%

Details

Status published

Products (2)

brecht_claerhout/sniffit 0.3.6hip

brecht_claerhout/sniffit 0.3.7beta

Published May 02, 2000

Tracked Since Feb 18, 2026