[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Announce/Security Advisory] monit 4.1.1 released

From: Jan-Henrik Haukeland
Subject: [Announce/Security Advisory] monit 4.1.1 released
Date: Sat, 22 Nov 2003 00:03:57 +0100
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Reasonable Discussion, linux)

Monit version 4.1.1 is now available.

Download from:
Change log:
Checksum:       f900e393b575970ff30545fdc7e0a206  monit-4.1.1.tar.gz

This is a security and bugfix release. The most important changes in
this release is a patch for the the following security vulnerabilities:

 -- Vulnerability 1: Long http method stack overflow

  By supplying an overly large http request method and attacker could
  trigger a stack overflow condition which may lead to a remote root

-- Vulnerability 2: Denial of Service via negative Content-Length field

  By supplying a negative value in Content-Length header an attacker
  could cause a xmalloc() failure and kill a Monit daemon.

The full security report kindly provided by S-Quadra Security Research
can be viewed here:

Who is affected by the vulnerabilities?
This issue only affect those that run monit with http server support
and expose the server to the internet.

Upgrade to monit release 4.1.1. This release makes sure that it's
virtually impossible to smash the stack via a malformed HTTP request.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]