Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Monit | Tildeslash | 1.4 (including) | 1.4 (including) |
| Monit | Tildeslash | 1.4.1 (including) | 1.4.1 (including) |
| Monit | Tildeslash | 2.0 (including) | 2.0 (including) |
| Monit | Tildeslash | 2.1 (including) | 2.1 (including) |
| Monit | Tildeslash | 2.1.1 (including) | 2.1.1 (including) |
| Monit | Tildeslash | 2.2 (including) | 2.2 (including) |
| Monit | Tildeslash | 2.2.1 (including) | 2.2.1 (including) |
| Monit | Tildeslash | 2.3 (including) | 2.3 (including) |
| Monit | Tildeslash | 2.4 (including) | 2.4 (including) |
| Monit | Tildeslash | 2.4.1 (including) | 2.4.1 (including) |
| Monit | Tildeslash | 2.4.2 (including) | 2.4.2 (including) |
| Monit | Tildeslash | 2.4.3 (including) | 2.4.3 (including) |
| Monit | Tildeslash | 3.0 (including) | 3.0 (including) |
| Monit | Tildeslash | 3.1 (including) | 3.1 (including) |
| Monit | Tildeslash | 3.2 (including) | 3.2 (including) |
| Monit | Tildeslash | 4.0 (including) | 4.0 (including) |
| Monit | Tildeslash | 4.1 (including) | 4.1 (including) |
References
- http://secunia.com/advisories/10280
- http://security.gentoo.org/glsa/glsa-200403-14.xml
- http://www.kb.cert.org/vuls/id/623854
- http://www.securityfocus.com/archive/1/345417
- http://www.securityfocus.com/bid/9099
- http://www.tildeslash.com/monit/dist/CHANGES.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13817
- http://secunia.com/advisories/10280
- http://security.gentoo.org/glsa/glsa-200403-14.xml
- http://www.kb.cert.org/vuls/id/623854
- http://www.securityfocus.com/archive/1/345417
- http://www.securityfocus.com/bid/9099
- http://www.tildeslash.com/monit/dist/CHANGES.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13817