[Full-Disclosure] Monit <= 4.2 Remote Root Exploit

From: Eye on Security India (eos-india_at_linuxmail.org)
Date: 04/12/04

  • Next message: Rizwan Ali Khan: "[Full-Disclosure] BS7799 Gap Analysis"
    To: bugtraq@securityfocus.com
    Date: Mon, 12 Apr 2004 06:22:02 +0800
    
    
    

    /*
     * THE EYE ON SECURITY RESEARCH GROUP - INDIA
     *
     * http://www.eos-india.net/poc/305monit.c
     * Remote Root Exploit for Monit <= 4.2
     * Vulnerability: Buffer overflow in handling of Basic Authentication informations.
     * Server authenticates clients through:
     * Authentication: Basic Base64Encode[UserName:Password]
     * Here we are exploiting the insecure handling of username in Basic Authentication information to return
     * control (EIP) to our payload.
     *
     * Nilanjan De [n2n<at>linuxmail<dot>org] - Abhisek Datta [abhisek<at>front<dot>ru]
     *
     * 06.04.2004
     * http://www.eos-india.net
    */

    -- 
    ______________________________________________
    Check out the latest SMS services @ http://www.linuxmail.org 
    This allows you to send and receive SMS through your mailbox.
    Powered by Outblaze
    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html



  • Next message: Rizwan Ali Khan: "[Full-Disclosure] BS7799 Gap Analysis"

    Relevant Pages

    • Monit <= 4.2 Remote Root Exploit
      ... Buffer overflow in handling of Basic Authentication informations. ... Check out the latest SMS services @ http://www.linuxmail.org ...
      (Bugtraq)
    • Monit <= 4.2 Remote Root Exploit
      ... Buffer overflow in handling of Basic Authentication informations. ... Check out the latest SMS services @ http://www.linuxmail.org ...
      (Full-Disclosure)