[Full-Disclosure] Monit <= 4.2 Remote Root Exploit
Eye on Security India
eos-india at linuxmail.org
Sun Apr 11 23:22:02 BST 2004
* THE EYE ON SECURITY RESEARCH GROUP - INDIA
* Remote Root Exploit for Monit <= 4.2
* Vulnerability: Buffer overflow in handling of Basic Authentication informations.
* Server authenticates clients through:
* Authentication: Basic Base64Encode[UserName:Password]
* Here we are exploiting the insecure handling of username in Basic Authentication information to return
* control (EIP) to our payload.
* Nilanjan De [n2n<at>linuxmail<dot>org] - Abhisek Datta [abhisek<at>front<dot>ru]
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 9183 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040412/63e2db56/attachment.obj
Full-Disclosure is hosted and sponsored by Secunia.