Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200403-14] Multiple Security Vulnerabilities in Monit Vulnerability Scan
Vulnerability Scan Summary: Multiple Security Vulnerabilities in Monit
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200403-14
(Multiple Security Vulnerabilities in Monit)
A denial of service may occur because Monit does not sanitize remotely supplied
HTTP parameters before passing them to memory allocation functions. This
could allow an attacker to cause an unexpected condition that could lead to
the Monit daemon crashing.
An overly long HTTP request method may cause a buffer overflow because Monit
performs insufficient bounds checking when handling HTTP requests.
Impact
An attacker may crash the Monit daemon to create a denial of service
condition or cause a buffer overflow that would allow arbitrary code to be
executed with root privileges.
Workaround
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
References:
http://www.securityfocus.com/bid/9098
http://www.securityfocus.com/bid/9099
Solution:
Monit users should upgrade to version 4.2 or later:
# emerge sync
# emerge -pv ">=app-admin/monit-4.2"
# emerge ">=app-admin/monit-4.2"
Threat Level: High