Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 22.04 LTS USN-6571-1 critical: Monit authentication bypass issue

ubuntu
Calendar Grey January 9, 2024
Dist Ubuntu Esm H88
Ubuntu Security Bulletin USN-6573-1: Monit could bypass restrictions for dormant accounts in several iterations of Ubuntu LTS.
Monit could be made to bypass authentication checks for disabled accounts.

Summary

Monit could be made to bypass authentication checks for disabled accounts.

Software Description:

- monit: utility for monitoring and managing daemons or similar programs

Details:

Youssef Rebahi-Gilbert discovered that Monit did not properly process

credentials for disabled accounts. An attacker could possibly use this

issue to login to the platform with an expired account and a valid

password.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   monit                           1:5.31.0-1ubuntu0.1~esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
   monit                           1:5.26.0-4ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   monit                           1:5.25.1-1ubuntu0.1~esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   monit                           1:5.16-2ubuntu0.2+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   monit                           1:5.6-2ubuntu0.1+esm3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6571-1

CVE-2022-26563

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6571-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here