FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

monitorix -- serious bug in the built-in HTTP server

Affected packages
monitorix < 3.3.1

Details

VuXML ID 620cf713-5a99-11e3-878d-20cf30e32f6d
Discovery 2013-11-21
Entry 2013-12-01

Monitorix Project reports:

A serious bug in the built-in HTTP server. It was discovered that the handle_request() routine did not properly perform input sanitization, which led to a number of security vulnerabilities. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host. All users still using older versions are advised to upgrade to this version, which resolves this issue.

References

URL http://www.monitorix.org/news.html#N331
URL https://github.com/mikaku/Monitorix/issues/30