Multiple Monit Administration Interface Remote Vulnerabilities
BID:10051
Info
Multiple Monit Administration Interface Remote Vulnerabilities
| Bugtraq ID: | 10051 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2004 12:00AM |
| Updated: | Apr 05 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to [email protected] <[email protected]>. |
| Vulnerable: |
TildeSlash Monit 4.3 Beta 2 TildeSlash Monit 4.2 TildeSlash Monit 4.1.1 TildeSlash Monit 4.1 TildeSlash Monit 4.0 TildeSlash Monit 3.2 TildeSlash Monit 3.1 TildeSlash Monit 3.0 |
| Not Vulnerable: |
TildeSlash Monit 4.3 Beta 3 TildeSlash Monit 4.2.1 |
Discussion
Multiple Monit Administration Interface Remote Vulnerabilities
The remote administration interface of Monit has been reported to be prone to multiple vulnerabilities.
The first issue reported may be exploited by a remote attacker to trigger a denial of service. The issue presents itself when no password is submitted as a part of a basic authentication request.
The second vulnerability, a stack-based buffer overflow vulnerability has been reported to exist during basic authentication procedures. The issue presents itself due to a lack of sufficient bounds checking performed on user-supplied usernames.
A third issue, an off-by-one vulnerability, has also been reported to affect Monit. The issue presents itself when a large POST submission is handled. Depending on memory layout and compiler optimizations, this issue may potentially be exploited on some platforms to allow an attacker to influence the least significant byte of the stack frame base pointer.
The remote administration interface of Monit has been reported to be prone to multiple vulnerabilities.
The first issue reported may be exploited by a remote attacker to trigger a denial of service. The issue presents itself when no password is submitted as a part of a basic authentication request.
The second vulnerability, a stack-based buffer overflow vulnerability has been reported to exist during basic authentication procedures. The issue presents itself due to a lack of sufficient bounds checking performed on user-supplied usernames.
A third issue, an off-by-one vulnerability, has also been reported to affect Monit. The issue presents itself when a large POST submission is handled. Depending on memory layout and compiler optimizations, this issue may potentially be exploited on some platforms to allow an attacker to influence the least significant byte of the stack frame base pointer.
Exploit / POC
Multiple Monit Administration Interface Remote Vulnerabilities
An exploit for the stack-based buffer overflow vulnerability has been provided by THE EYE ON SECURITY RESEARCH GROUP - INDIA <http://www.eos-india.net>:
An exploit for the stack-based buffer overflow vulnerability has been provided by THE EYE ON SECURITY RESEARCH GROUP - INDIA <http://www.eos-india.net>:
Solution / Fix
Multiple Monit Administration Interface Remote Vulnerabilities
Solution:
Netwosix Linux has released advisory LNSA-#2004-0008 and fixes for the off-by-one error and the stack overflow in the authentication functionality. Please see the attached advisory for more information.
Gentoo has released updates to address this issue, which may be applied with the following commands:
emerge sync
emerge -pv ">=app-admin/monit-4.2.1"
emerge ">=app-admin/monit-4.2.1"
The vendor has released fixes to address these issues:
TildeSlash Monit 3.0
TildeSlash Monit 3.1
TildeSlash Monit 3.2
TildeSlash Monit 4.0
TildeSlash Monit 4.1
TildeSlash Monit 4.1.1
TildeSlash Monit 4.2
TildeSlash Monit 4.3 Beta 2
Solution:
Netwosix Linux has released advisory LNSA-#2004-0008 and fixes for the off-by-one error and the stack overflow in the authentication functionality. Please see the attached advisory for more information.
Gentoo has released updates to address this issue, which may be applied with the following commands:
emerge sync
emerge -pv ">=app-admin/monit-4.2.1"
emerge ">=app-admin/monit-4.2.1"
The vendor has released fixes to address these issues:
TildeSlash Monit 3.0
-
TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 3.1
-
TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 3.2
-
TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.0
-
TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.1
-
TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.1.1
-
TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.2
-
TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.3 Beta 2
-
TildeSlash monit-4.3-beta3.tar.gz
http://www.tildeslash.com/monit/beta/monit-4.3-beta3.tar.gz
References
Multiple Monit Administration Interface Remote Vulnerabilities
References:
References:
- Monit Product Page (TildeSlash)
- Monit Security Advisory [05 April 2004] (TildeSlash)
- Advisory: Multiple Vulnerabilities in Monit ("[email protected]"
)