Full Disclosure mailing list archives
Monit <= 4.2 Remote Root Exploit
From: "Eye on Security India" <eos-india () linuxmail org>
Date: Mon, 12 Apr 2004 06:22:02 +0800
/*
 * THE EYE ON SECURITY RESEARCH GROUP - INDIA
 *
 * http://www.eos-india.net/poc/305monit.c
 * Remote Root Exploit for Monit <= 4.2
 * Vulnerability: Buffer overflow in handling of Basic Authentication informations.
 * Server authenticates clients through:
 * Authentication: Basic Base64Encode[UserName:Password]
 * Here we are exploiting the insecure handling of username in Basic Authentication information to return
 * control (EIP) to our payload.
 *
 * Nilanjan De [n2n<at>linuxmail<dot>org] - Abhisek Datta [abhisek<at>front<dot>ru]
 *
 * 06.04.2004
 * http://www.eos-india.net
 */
Attachment:
305monit.c