47631 2004-04-12 13:56 0000 app-admin/monit-4.2 multiple vulnerabilities in HTTP interface 2004-04-19 02:40:15 0000 1 1 1 Unclassified Gentoo Security GLSA Errors unspecified All Linux RESOLVED FIXED http://www.tildeslash.com/monit/secadv_20040305.txt P2 major --- 1 koon@gentoo.org security@gentoo.org pYrania@gentoo.org koon@gentoo.org 2004-04-12 13:56:57 0000 monit versions 4.2 and before are vulnerable to these vulns : ------------------------------------------------------------------ 1. Monit HTTP Interface Buffer Overflow Vulnerability ===================================================== Monit implements a simple HTTP interface that supports Basic authentication. This interface suffers from a buffer overflow vulnerability when handling a client that authenticates with malformed credentials. An attacker could send a carefully crafted Authorization header to the monit server and cause the server to either crash or worse to execute arbitrary code with the privileges of the monit user. 2. Off-By-One Overflow in Monit HTTP Interface ============================================== This buffer overflow lies in the handling of POST submissions with entity bodies. If the request body has the exact length of X bytes, monit will write one byte past its designated input buffer. This error can cause the monit server to crash. ------------------------------------------------------------------ Note that an there's a published exploit for the HTTP Interface Buffer Overflow Vulnerability : http://www.securityfocus.com/archive/1/360121 Reproducible: Didn't try Steps to Reproduce: koon@gentoo.org 2004-04-12 13:59:16 0000 Fixed in upstream : version 4.2.1 Markus, we need to bump this one (once again) :) Thanks in advance. -K pYrania@gentoo.org 2004-04-12 16:42:43 0000 Bumped. They really should try finding all vulnerabilities first and make a bump afterwards. ;) koon@gentoo.org 2004-04-13 00:32:58 0000 Thanks Markus. Ready for a GLSA. -K koon@gentoo.org 2004-04-19 02:40:15 0000 GLSA 200404-16 is out -- closing