CVE-2003-1084 - Denial of Service vulnerability in Monit HTTP Content-Length Parameter
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.
Vulnerable Configurations
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200403-14.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200403-14 (Multiple Security Vulnerabilities in Monit) A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing. An overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests. Impact : An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges. Workaround : A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14465 |
published | 2004-08-30 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14465 |
title | GLSA-200403-14 : Multiple Security Vulnerabilities in Monit |
References
- http://secunia.com/advisories/10280
- http://security.gentoo.org/glsa/glsa-200403-14.xml
- http://www.kb.cert.org/vuls/id/206382
- http://www.securityfocus.com/archive/1/345417
- http://www.securityfocus.com/bid/9098
- http://www.tildeslash.com/monit/dist/CHANGES.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13818