Monit <= 4.2 Remote Root Exploit

From: Eye on Security India (eos-india_at_linuxmail.org)
Date: 04/12/04

  • Next message: Nikita V. Youshchenko: "Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow."
    To: bugtraq@securityfocus.com
    Date: Mon, 12 Apr 2004 06:22:02 +0800
    
    
    

    /*
     * THE EYE ON SECURITY RESEARCH GROUP - INDIA
     *
     * http://www.eos-india.net/poc/305monit.c
     * Remote Root Exploit for Monit <= 4.2
     * Vulnerability: Buffer overflow in handling of Basic Authentication informations.
     * Server authenticates clients through:
     * Authentication: Basic Base64Encode[UserName:Password]
     * Here we are exploiting the insecure handling of username in Basic Authentication information to return
     * control (EIP) to our payload.
     *
     * Nilanjan De [n2n<at>linuxmail<dot>org] - Abhisek Datta [abhisek<at>front<dot>ru]
     *
     * 06.04.2004
     * http://www.eos-india.net
    */

    -- 
    ______________________________________________
    Check out the latest SMS services @ http://www.linuxmail.org 
    This allows you to send and receive SMS through your mailbox.
    Powered by Outblaze
    
    



  • Next message: Nikita V. Youshchenko: "Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow."