Multiple Monit Administration Interface Remote Vulnerabilities

Multiple Monit Administration Interface Remote Vulnerabilities

Solution:
Netwosix Linux has released advisory LNSA-#2004-0008 and fixes for the off-by-one error and the stack overflow in the authentication functionality. Please see the attached advisory for more information.

Gentoo has released updates to address this issue, which may be applied with the following commands:
emerge sync
emerge -pv ">=app-admin/monit-4.2.1"
emerge ">=app-admin/monit-4.2.1"

The vendor has released fixes to address these issues:

TildeSlash Monit 3.0

TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz

TildeSlash Monit 3.1

TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz

TildeSlash Monit 3.2

TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz

TildeSlash Monit 4.0

TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz

TildeSlash Monit 4.1

TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz

TildeSlash Monit 4.1.1

TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz

TildeSlash Monit 4.2

TildeSlash monit-4.2.1.tar.gz
http://www.tildeslash.com/monit/dist/monit-4.2.1.tar.gz

TildeSlash Monit 4.3 Beta 2

TildeSlash monit-4.3-beta3.tar.gz
http://www.tildeslash.com/monit/beta/monit-4.3-beta3.tar.gz