Hobbit Monitor < 4.1.0 hobbitd Malformed Message Remote Overflow

Severity: High, Nessus Plugin ID 19307

Synopsis

The remote web server may allow arbitrary code execution.

Description

The remote host is running Hobbit Monitor, an open source tool for monitoring servers, applications, and networks.

The installed version of Hobbit contains a flaw that could cause the Hobbit daemon, 'hobbitd', to crash when it tries to process certain types of messages. It may also be possible to exploit this flaw to run arbitrary code with the privileges of the hobbit user.

Solution

Upgrade to Hobbit version 4.1.0 or later.

See Also

http://www.nessus.org/u?61b275fe

Plugin Details

Severity: High

ID: 19307

File Name: hobbit_dos.nasl

Version: 1.15

Type: remote

Published: 7/27/2005

Updated: 8/7/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:hobbit_monitor:hobbit_monitor

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/24/2005

Reference Information

BID: 14365