Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200404-16] Multiple new security vulnerabilities in monit Vulnerability Scan
Vulnerability Scan Summary: Multiple new security vulnerabilities in monit
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200404-16
(Multiple new security vulnerabilities in monit)
Monit has several vulnerabilities in its HTTP interface: a buffer overflow
vulnerability in the authentication handling code and an off-by-one error in
the POST method handling code.
Impact
An attacker may exploit the off-by-one error to crash the Monit daemon and
create a denial of service condition, or cause a buffer overflow that would
allow arbitrary code to be executed with root privileges.
Workaround
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
References:
http://www.tildeslash.com/monit/secadv_20040305.txt
Solution:
Monit users should upgrade to version 4.2.1 or later:
# emerge sync
# emerge -pv ">=app-admin/monit-4.2.1"
# emerge ">=app-admin/monit-4.2.1"
Threat Level: High