[Full-Disclosure] Monit <= 4.2 Remote Root Exploit
From: Eye on Security India (eos-india_at_linuxmail.org)
Date: 04/12/04
- Previous message: Exibar: "RE: [inbox] [Full-Disclosure] msblast variants"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: bugtraq@securityfocus.com Date: Mon, 12 Apr 2004 06:22:02 +0800
/*
* THE EYE ON SECURITY RESEARCH GROUP - INDIA
*
* http://www.eos-india.net/poc/305monit.c
* Remote Root Exploit for Monit <= 4.2
* Vulnerability: Buffer overflow in handling of Basic Authentication informations.
* Server authenticates clients through:
* Authentication: Basic Base64Encode[UserName:Password]
* Here we are exploiting the insecure handling of username in Basic Authentication information to return
* control (EIP) to our payload.
*
* Nilanjan De [n2n<at>linuxmail<dot>org] - Abhisek Datta [abhisek<at>front<dot>ru]
*
* 06.04.2004
* http://www.eos-india.net
*/
-- ______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/octet-stream attachment: 305monit.c
- Previous message: Exibar: "RE: [inbox] [Full-Disclosure] msblast variants"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
