lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040411222202.85C3621AFF9@ws5-6.us4.outblaze.com> From: eos-india at linuxmail.org (Eye on Security India) Subject: Monit <= 4.2 Remote Root Exploit /* * THE EYE ON SECURITY RESEARCH GROUP - INDIA * * http://www.eos-india.net/poc/305monit.c * Remote Root Exploit for Monit <= 4.2 * Vulnerability: Buffer overflow in handling of Basic Authentication informations. * Server authenticates clients through: * Authentication: Basic Base64Encode[UserName:Password] * Here we are exploiting the insecure handling of username in Basic Authentication information to return * control (EIP) to our payload. * * Nilanjan De [n2n<at>linuxmail<dot>org] - Abhisek Datta [abhisek<at>front<dot>ru] * * 06.04.2004 * http://www.eos-india.net */ -- ______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze -------------- next part -------------- A non-text attachment was scrubbed... Name: 305monit.c Type: application/octet-stream Size: 9183 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040412/63e2db56/305monit.obj