Bug 47631 - app-admin/monit-4.2 multiple vulnerabilities in HTTP interface
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.tildeslash.com/monit/secad...
Reported: 2004-04-12 13:56 UTC by Thierry Carrez (RETIRED)
Modified: 2004-04-19 02:40 UTC
Description Thierry Carrez (RETIRED) gentoo-dev 2004-04-12 13:56:57 UTC
monit versions 4.2 and before are vulnerable to these vulns:

------------------------------------------------------------------
1. Monit HTTP Interface Buffer Overflow Vulnerability
=====================================================

Monit implements a simple HTTP interface that supports Basic
authentication. This interface suffers from a buffer overflow
vulnerability when handling a client that authenticates with malformed
credentials. An attacker could send a carefully crafted Authorization
header to the monit server and cause the server to either crash or
worse to execute arbitrary code with the privileges of the monit user.


2. Off-By-One Overflow in Monit HTTP Interface
==============================================

This buffer overflow lies in the handling of POST submissions with
entity bodies. If the request body has the exact length of X bytes,
monit will write one byte past its designated input buffer. This error
can cause the monit server to crash.
------------------------------------------------------------------

Note that there's a published exploit for the HTTP Interface Buffer Overflow Vulnerability:
http://www.securityfocus.com/archive/1/360121


Reproducible: Didn't try
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-04-12 13:59:16 UTC
Fixed in upstream: version 4.2.1
Markus, we need to bump this one (once again) :)
Thanks in advance.
-K
Comment 2 Markus Nigbur (RETIRED) gentoo-dev 2004-04-12 16:42:43 UTC
Bumped. They really should try finding all vulnerabilities first and make a bump afterwards. ;)
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-04-13 00:32:58 UTC
Thanks Markus.
Ready for a GLSA.
-K
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-04-19 02:40:15 UTC
GLSA 200404-16 is out -- closing
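
The two bug classes quoted in the description, seen from the fixing side, as an added example (not monit's code and not taken from the upstream patch): a bounded copy whose length check leaves room for the terminating NUL, applied to a POST entity body and to already Base64-decoded Basic credentials. BODY_MAX, CRED_MAX and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define BODY_MAX 1024   /* assumed buffer size; stands in for the advisory's "X" */
#define CRED_MAX 64     /* assumed limit for user name and for password */

/* Copy len bytes into dst and NUL-terminate. Returns 0 on success, -1 if
 * the data plus its terminator does not fit. The comparison is >=, not >:
 * with len == dst_size the terminator would land at dst[dst_size], one
 * byte past the buffer, which is the off-by-one case. */
static int bounded_copy(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (dst_size == 0 || len >= dst_size)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Store a POST entity body of body_len bytes in a BODY_MAX-byte buffer. */
int store_body(char out[BODY_MAX], const char *body, size_t body_len)
{
    return bounded_copy(out, BODY_MAX, body, body_len);
}

/* Split decoded Basic credentials ("user:password") into two fixed-size
 * buffers, rejecting input that is malformed or too long for either one. */
int split_credentials(const char *decoded, char user[CRED_MAX], char pass[CRED_MAX])
{
    const char *colon = strchr(decoded, ':');
    if (colon == NULL)
        return -1;                       /* no separator: malformed */
    if (bounded_copy(user, CRED_MAX, decoded, (size_t)(colon - decoded)) != 0)
        return -1;                       /* user name too long */
    return bounded_copy(pass, CRED_MAX, colon + 1, strlen(colon + 1));
}
```

A request that fails either check should be answered with an error status and dropped rather than truncated, so the stored value never differs from what the client sent.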