Monit Overly Long HTTP Request Buffer Overrun Vulnerability

A buffer overrun vulnerability has been discovered in Monit 4.1 and earlier that could be exploited remotely to gain root privileges. The problem occurs due to insufficient bounds checking when handling overly long HTTP requests. As a result, it may be possible for a remote attacker to corrupt sensitive process data in such a way that the execution flow of Monit can be controlled.

Successful exploitation of this condition could potentially allow for the execution of arbitrary code with root privileges.


 

Privacy Statement
Copyright 2010, SecurityFocus