From ciaglia@netwosix.org Wed Apr 7 04:14:19 2004 From: Vincenzo Ciaglia To: bugtraq@securityfocus.com Cc: lwn@lwn.net, announce@netwosix.org Date: Tue, 6 Apr 2004 20:47:25 +0200 Subject: LNSA-#2004-0008: Multiple security problems in Monit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ************************************************************************************ Netwosix Linux Security Advisory #2004-0008 - ----------------------------------------------------------------------------------- Package name: monit Summary: Multiple security problems in monit Date: 2004-04-06 Affected versions: Netwosix 1.0 Netwosix 1.1 ************************************************************************************ - -> Package description: - ------------------------ monit is a utility for managing and monitoring, processes, files, directories and devices on a Unix system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations. E.g. monit can start a process if it does not run, restart a process if it does not respond and stop a process if it uses to much resources. You may use monit to monitor files, directories and devices for changes, such as timestamp changes, checksum changes or size changes. You can also use monit to monitor remote hosts; monit can ping a remote host and can check port connections and protocols. - -> Problem description: - ------------------------ 1. Monit HTTP Interface Buffer Overflow Vulnerability ===================================================== Monit implements a simple HTTP interface that supports Basic authentication. This interface suffers from a buffer overflow vulnerability when handling a client that authenticates with malformed credentials. An attacker could send a carefully crafted Authorization header to the monit server and cause the server to either crash or worse to execute arbitrary code with the privileges of the monit user. 2. Off-By-One Overflow in Monit HTTP Interface ============================================== This buffer overflow lies in the handling of POST submissions with entity bodies. If the request body has the exact length of X bytes, monit will write one byte past its designated input buffer. This error can cause the monit server to crash. - -> Action: - ------------------------ We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. - -> Location: - --------------------- You can download the latest version of this package in NEPOTE format from: - -> Nepote Update (Nepote has been updated with new ports on 21 March 2004. Update your portage tree from http://nepote.netwosix.org, first): - --------------------- See this instructions to update the port of this package: # cd /usr/ports/sysutils/monit # rm nepote # wget http://download.netwosix.org/0008/nepote # sh nepote (to install the new and updated package) - -> References - --------------------- Specific references for this advisory: http://www.tildeslash.com/monit/secadv_20040305.txt - -> About Linux Netwosix: - --------------------------------- Linux Netwosix is a powerful and optimized Linux distribution for servers and Network Security related jobs. It can also be used for special operations such as penetration testing with its big collection of security oriented software and sources. It's a light distribution created for the requirements of every SysAdmin and it's very portable and highly configurable. Our philosophy is to give greater liberty for configuration to the SysAdmin. Only in this way can he/she configure a powerful and stable server machine. Linux Netwosix also has a powerful ports system (Nepote) similar to the xBSD systems but more flexible and usable. - -> Questions? - --------------------- Check out our mailing lists: The advisory itself is available at - -------------------------------------------------- MD5sums of the packages: - - -------------------------------------------------------------------------- 68e85a51998a53459a09d2aa0d5f905d 0008/nepote - - -------------------------------------------------------------------------- Vincenzo Ciaglia - Linux Netwosix Security Advisories - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAcvtD6jz9pGuz4koRAotTAJ901+SGV8c4A9AbgmdQCjAHHztJRQCgpHXd ie9dqikx/rMg98mpl08fgWs= =ugHE -----END PGP SIGNATURE-----