[Full-Disclosure] Monit <= 4.2 Remote Root Exploit
Eye on Security India
eos-india at linuxmail.org
Sun Apr 11 23:22:02 BST 2004
/*
* THE EYE ON SECURITY RESEARCH GROUP - INDIA
*
* http://www.eos-india.net/poc/305monit.c
* Remote Root Exploit for Monit <= 4.2
* Vulnerability: Buffer overflow in handling of Basic Authentication informations.
* Server authenticates clients through:
* Authentication: Basic Base64Encode[UserName:Password]
* Here we are exploiting the insecure handling of username in Basic Authentication information to return
* control (EIP) to our payload.
*
* Nilanjan De [n2n<at>linuxmail<dot>org] - Abhisek Datta [abhisek<at>front<dot>ru]
*
* 06.04.2004
* http://www.eos-india.net
*/
--
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 305monit.c
Type: application/octet-stream
Size: 9183 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040412/63e2db56/attachment.obj
Full-Disclosure is hosted and sponsored by Secunia.