FreeBSD : monitorix -- serious bug in the built-in HTTP server (620cf713-5a99-11e3-878d-20cf30e32f6d)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Monitorix Project reports :

A serious bug in the built-in HTTP server. It was discovered that the
handle_request() routine did not properly perform input sanitization
which led to a number of security vulnerabilities. An
unauthenticated, remote attacker could exploit this flaw to execute
arbitrary commands on the remote host. All users still using older
versions are advised to upgrade to this version, which resolves this
issue.

See also :

http://www.monitorix.org/news.html#N331
https://github.com/mikaku/Monitorix/issues/30
http://www.nessus.org/u?23291573

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 71152

Bugtraq ID:

CVE ID:
