Monkey HTTP Daemon CGI Processor Format String Vulnerability
BID:13187
Info
Monkey HTTP Daemon CGI Processor Format String Vulnerability
| Bugtraq ID: | 13187 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1122 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2005 12:00AM |
| Updated: | Mar 19 2015 08:20AM |
| Credit: | Discovery is credited to Tavis Ormandy of the Gentoo Security Team. |
| Vulnerable: |
Monkey Monkey HTTP Daemon 0.9 .0 Monkey Monkey HTTP Daemon 0.8.2 Monkey Monkey HTTP Daemon 0.8.1 Monkey Monkey HTTP Daemon 0.8 Monkey Monkey HTTP Daemon 0.7.2 Monkey Monkey HTTP Daemon 0.7.1 Monkey Monkey HTTP Daemon 0.7 .0 Monkey Monkey HTTP Daemon 0.6.3 Monkey Monkey HTTP Daemon 0.6.2 Monkey Monkey HTTP Daemon 0.6.1 Monkey Monkey HTTP Daemon 0.6 Monkey Monkey HTTP Daemon 0.5.1 Monkey Monkey HTTP Daemon 0.5 Monkey Monkey HTTP Daemon 0.4.2 Monkey Monkey HTTP Daemon 0.4.1 Monkey Monkey HTTP Daemon 0.4 Monkey Monkey HTTP Daemon 0.1.4 |
| Not Vulnerable: |
Monkey Monkey HTTP Daemon 0.9.1 |
Discussion
Monkey HTTP Daemon CGI Processor Format String Vulnerability
Monkey HTTP Daemon is prone to a format string vulnerability in the CGI processor. Successful exploitation allows execution of arbitrary code with the privileges of the server.
Monkey HTTP Daemon is prone to a format string vulnerability in the CGI processor. Successful exploitation allows execution of arbitrary code with the privileges of the server.
Exploit / POC
Monkey HTTP Daemon CGI Processor Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Monkey HTTP Daemon CGI Processor Format String Vulnerability
Solution:
Gentoo has released security advisory GLSA 200504-14 to provide fixes for this issue. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-servers/monkeyd-0.9.1"
This issue has been addressed in version 0.9.1.
Monkey Monkey HTTP Daemon 0.1.4
Monkey Monkey HTTP Daemon 0.4
Monkey Monkey HTTP Daemon 0.4.1
Monkey Monkey HTTP Daemon 0.4.2
Monkey Monkey HTTP Daemon 0.5
Monkey Monkey HTTP Daemon 0.5.1
Monkey Monkey HTTP Daemon 0.6
Monkey Monkey HTTP Daemon 0.6.1
Monkey Monkey HTTP Daemon 0.6.2
Monkey Monkey HTTP Daemon 0.6.3
Monkey Monkey HTTP Daemon 0.7 .0
Monkey Monkey HTTP Daemon 0.7.1
Monkey Monkey HTTP Daemon 0.7.2
Monkey Monkey HTTP Daemon 0.8
Monkey Monkey HTTP Daemon 0.8.1
Monkey Monkey HTTP Daemon 0.8.2
Monkey Monkey HTTP Daemon 0.9 .0
Solution:
Gentoo has released security advisory GLSA 200504-14 to provide fixes for this issue. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-servers/monkeyd-0.9.1"
This issue has been addressed in version 0.9.1.
Monkey Monkey HTTP Daemon 0.1.4
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.4
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.4.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.4.2
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.5
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.5.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.6
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.6.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.6.2
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.6.3
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.7 .0
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.7.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.7.2
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.8
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.8.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.8.2
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey Monkey HTTP Daemon 0.9 .0
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
References
Monkey HTTP Daemon CGI Processor Format String Vulnerability
References:
References:
- Monkey HTTP Daemon Product Page (Monkey)