Monkey HTTP Daemon Zero Length File Request Denial Of Service Vulnerability
BID:13188
Info
Monkey HTTP Daemon Zero Length File Request Denial Of Service Vulnerability
| Bugtraq ID: | 13188 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2005-1123 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Discovery is credited to Ciaran McCreesh of the Gentoo Security Team. |
| Vulnerable: |
Monkey-Project Monkey Http Daemon 0.9 .0 Monkey-Project Monkey Http Daemon 0.8.2 Monkey-Project Monkey Http Daemon 0.8.1 Monkey-Project Monkey Http Daemon 0.8 Monkey-Project Monkey Http Daemon 0.7.2 Monkey-Project Monkey Http Daemon 0.7.1 Monkey-Project Monkey Http Daemon 0.7 .0 Monkey-Project Monkey Http Daemon 0.6.3 Monkey-Project Monkey Http Daemon 0.6.2 Monkey-Project Monkey Http Daemon 0.6.1 Monkey-Project Monkey Http Daemon 0.6 Monkey-Project Monkey Http Daemon 0.5.1 Monkey-Project Monkey Http Daemon 0.5 Monkey-Project Monkey Http Daemon 0.4.2 Monkey-Project Monkey Http Daemon 0.4.1 Monkey-Project Monkey Http Daemon 0.4 Monkey-Project Monkey Http Daemon 0.1.4 |
| Not Vulnerable: |
Monkey-Project Monkey Http Daemon 0.9.1 |
Discussion
Monkey HTTP Daemon Zero Length File Request Denial Of Service Vulnerability
Monkey HTTP Daemon is prone to a remotely exploitable denial of service vulnerability. Though unconfirmed, this issue may be triggered when handling malformed file requests.
Monkey HTTP Daemon is prone to a remotely exploitable denial of service vulnerability. Though unconfirmed, this issue may be triggered when handling malformed file requests.
Exploit / POC
Monkey HTTP Daemon Zero Length File Request Denial Of Service Vulnerability
This issue can be exploited with a Web client.
This issue can be exploited with a Web client.
Solution / Fix
Monkey HTTP Daemon Zero Length File Request Denial Of Service Vulnerability
Solution:
Gentoo has released security advisory GLSA 200504-14 to provide fixes for this issue. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-servers/monkeyd-0.9.1"
This issue has been addressed in version 0.9.1.
Monkey-Project Monkey Http Daemon 0.1.4
Monkey-Project Monkey Http Daemon 0.4
Monkey-Project Monkey Http Daemon 0.4.1
Monkey-Project Monkey Http Daemon 0.4.2
Monkey-Project Monkey Http Daemon 0.5
Monkey-Project Monkey Http Daemon 0.5.1
Monkey-Project Monkey Http Daemon 0.6
Monkey-Project Monkey Http Daemon 0.6.1
Monkey-Project Monkey Http Daemon 0.6.2
Monkey-Project Monkey Http Daemon 0.6.3
Monkey-Project Monkey Http Daemon 0.7 .0
Monkey-Project Monkey Http Daemon 0.7.1
Monkey-Project Monkey Http Daemon 0.7.2
Monkey-Project Monkey Http Daemon 0.8
Monkey-Project Monkey Http Daemon 0.8.1
Monkey-Project Monkey Http Daemon 0.8.2
Monkey-Project Monkey Http Daemon 0.9 .0
Solution:
Gentoo has released security advisory GLSA 200504-14 to provide fixes for this issue. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-servers/monkeyd-0.9.1"
This issue has been addressed in version 0.9.1.
Monkey-Project Monkey Http Daemon 0.1.4
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.4
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.4.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.4.2
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.5
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.5.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.6
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.6.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.6.2
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.6.3
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.7 .0
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.7.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.7.2
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.8
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.8.1
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.8.2
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
Monkey-Project Monkey Http Daemon 0.9 .0
-
Monkey monkey-0.9.1.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=17
References
Monkey HTTP Daemon Zero Length File Request Denial Of Service Vulnerability
References:
References:
- Monkey HTTP Daemon Product Page (Monkey)