正文

多个Monit管理界面远程漏洞

admin
admin V管理员 /0 评论 /7 阅读
1231
此篇文章发布距今已超过1227天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

多个Monit管理界面远程漏洞

  • CNNVD编号:CNNVD-200412-494
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2004-1899
  • 漏洞类型: 缓冲区溢出
  • 发布时间: 2004-12-31
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: tildeslash
  • 漏洞来源: .');">Discovery of this ...

漏洞简介

Monit 1.4至4.2版本的管理界面存在漏洞。远程攻击者借助包含1024个字节的POST导致off-by-one溢出。

漏洞公告

Netwosix Linux has released advisory LNSA-#2004-0008 and fixes for the off-by-one error and the stack overflow in the authentication functionality. Please see the attached advisory for more information. Gentoo has released updates to address this issue, which may be applied with the following commands: emerge sync emerge -pv ">=app-admin/monit-4.2.1" emerge ">=app-admin/monit-4.2.1" The vendor has released fixes to address these issues: TildeSlash Monit 3.0

  • TildeSlash monit-4.2.1.tar.gz http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 3.1
  • TildeSlash monit-4.2.1.tar.gz http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 3.2
  • TildeSlash monit-4.2.1.tar.gz http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.0
  • TildeSlash monit-4.2.1.tar.gz http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.1
  • TildeSlash monit-4.2.1.tar.gz http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.1.1
  • TildeSlash monit-4.2.1.tar.gz http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.2
  • TildeSlash monit-4.2.1.tar.gz http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz
TildeSlash Monit 4.3 Beta 2
  • TildeSlash monit-4.3-beta3.tar.gz http://www.tildeslash.com/monit/beta/monit-4.3-beta3.tar.gz

参考网址

来源: BID 名称: 10051 链接:http://www.securityfocus.com/bid/10051 来源: BUGTRAQ 名称: 20040405 Advisory: Multiple Vulnerabilities in Monit 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108119149103696&w=2 来源: XF 名称: monit-post-offbyone-bo(15736) 链接:http://xforce.iss.net/xforce/xfdb/15736 来源: SECUNIA 名称: 11304 链接:http://secunia.com/advisories/11304 来源: OSVDB 名称: 4979 链接:http://www.osvdb.org/4979

受影响实体

  • Tildeslash Monit:4.3_beta_2  
    <!--
    2000-1-1
    -->
  • Tildeslash Monit:4.1.1  
    <!--
    2000-1-1
    -->
  • Tildeslash Monit:4.2  
    <!--
    2000-1-1
    -->
  • Tildeslash Monit:4.1  
    <!--
    2000-1-1
    -->
  • Tildeslash Monit:3.1  
    <!--
    2000-1-1
    -->

补丁

    暂无