| Summary: | <app-admin/monit-5.20.0: CSRF | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | patrick |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2016/10/27/17 | ||
| Whiteboard: | B4 [noglsa cve] | ||
| Package list: |
=app-admin/monit-5.20.0
|
Runtime testing required: | --- |
Arches please test and mark stable =app-admin/monit-5.20.0 with target KEYWORDS: amd64 ppc ~ppc64 x86 ~amd64-linux amd64 stable x86 stable ppc stable. Maintainer(s), please cleanup. GLSA Vote: No |
From ${URL} : I'd found a CSRF issue in Monit(https://mmonit.com/monit/) in the Service Manager application that affects versions 5.19.0 and earlier. Red Hat has assigned CVE-2016-7067 to this issue. Monit has fixed this issue in version 5.20.0 Description: The forms in Monit's Service Manager are vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host, disable/enable monitoring for a specific service. Upstream Commit: https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master Adith Sudhakar @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.