Gentoo Logo

Monkeyd Denial of Service vulnerability

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200402-03 / monkeyd
Release Date February 11, 2004
Latest Revision February 11, 2004: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
www-servers/monkeyd < 0.8.2 >= 0.8.2 All supported architectures

Related bugreports: #41156

Synopsis

A bug in get_real_string() function allows for a Denial of Service attack to be launched against the webserver.

2.  Impact Information

Background

The Monkey HTTP daemon is a Web server written in C that works under Linux and is based on the HTTP/1.1 protocol. It aims to develop a fast, efficient and small web server.

Description

A bug in the URI processing of incoming requests allows for a Denial of Service to be launched against the webserver, which may cause the server to crash or behave sporadically.

Impact

Although there are no public exploits known for bug, users are recommended to upgrade to ensure the security of their infrastructure.

3.  Resolution Information

Workaround

There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten.

Resolution

All users are recommended to upgrade monkeyd to 0.8.2:

Code Listing 3.1: Resolution

# emerge sync
# emerge -pv ">=www-servers/monkeyd-0.8.2"
# emerge ">=www-servers/monkeyd-0.8.2"

4.  References

Print

Updated February 11, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Support OSL
Gentoo Centric Hosting: vr.org
Tek Alchemy
SevenL.net
Global Netoptex Inc.
Bytemark
Online Kredit Index
Copyright 2001-2009 Gentoo Foundation, Inc. Questions, Comments? Contact us.