| VID |
22346 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Monkey HTTP server is vulnerable to a denial of service and a format string vulnerabilities. Monkey, developed by Eduardo Silva, is a Web server written in C that works under Linux. This is an open source project based on the HTTP/1.1 protocol. Monkey HTTP Daemon versions prior to 0.9.1 are vulnerable to a denial of service vulnerability and a format string vulnerability:
1) A syntax error within the handling of certain requests can be exploited to cause a Denial of Service by requesting a 0 byte file repeatedly.
2) A format string error in "cgi.c" due to a double expansion in the "m_build_buffer_from_buffer()" function can be exploited to execute arbitrary code via a specially crafted request containing format specifiers.
* References:
http://secunia.com/advisories/14953/
http://bugs.gentoo.org/show_bug.cgi?id=87916
* Platforms Affected:
Eduardo Silva, Monkey HTTP Daemon versions prior to 0.9.1
Linux Any version |
| Recommendation |
Upgrade to the latest version of Monkey HTTP Daemon (0.9.1 or later), available from the Monkey HTTP Daemon Web site at http://monkeyd.sourceforge.net |
| Related URL |
CVE-2005-1122,CVE-2005-1123 (CVE) |
| Related URL |
13187,13188 (SecurityFocus) |
| Related URL |
20106,20109 (ISS) |
|
