monit HTTP request buffer overflow
| monit-http-bo (13817) |  High Risk |
Description:
monit is vulnerable to a stack-based buffer overflow. A remote attacker could send a long HTTP request to overflow a buffer and execute arbitrary code on the system, possibly with root privileges.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of monit (4.1.1 or later), available from the monit Web site. See References.
For Gentoo Linux:
Upgrade to the latest version of monit (4.2 or later), as listed in GLSA 200403-14. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- Full-Disclosure Mailing List, Mon Nov 24 2003 - 07:20:19 CST: Monit 4.1 HTTP interface multiple security vulnerabilities .
- GLSA 200403-14: Multiple Security Vulnerabilities in Monit. (From LinuxSecurity archive)
- monit Web site: Index of /monit/dist.
- BID-9099: Monit Overly Long HTTP Request Buffer Overrun Vulnerability
- BID-910: Ascend CascadeView tftpd Symbolic Link Vulnerability
- CVE-2003-1083: Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
- GLSA-200403-14: Multiple Security Vulnerabilities in Monit
- SA10280: Monit HTTP Request Handling Vulnerabilities
- US-CERT VU#623854: Monit fails to properly handle negative Content-Length fields
Platforms Affected:
- Gentoo Linux
- tildeslash monit 4.1
Reported:
Nov 24, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net