Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1898: Improper Restriction of Operations within the Bounds of a Memory Buffer in Monit

5 documents, 5 sources

Severity: 10.0 CRITICAL (NVD)
EPSS: 34.5% (top 2.99%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 31; Latest update Apr 29

Description

Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (3 packages)

debian: debian/monit < monit 1:4.2.1-1 (bookworm)
Debian: tildeslash/monit < 1:4.2.1-1+3
NVD: tildeslash/monit, 9 versions +8

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-xmw9-gg4q-2f2x: Stack-based buffer overflow in the administration interface in Monit 1 (2022-04-29)
OSV
CVE-2004-1898: Stack-based buffer overflow in the administration interface in Monit 1 (2004-12-31)

💥 Exploits & PoCs (1)

Exploit-DB
Monit 4.2 - Basic Authentication Remote Code Execution (2004-10-17)

📋 Vendor Advisories (1)

Debian
CVE-2004-1898: monit - Stack-based buffer overflow in the administration interface in Monit 1.4 through... (2004)
CVE-2004-1898 — Debian Monit vulnerability | cvebase