| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Feb 2004 18:36:46 +0000
From: Luigi Auriemma <aluigi@...ervista.org>
To: bugtraq@...urityfocus.com
Subject: Denial of Service in Monkey httpd <= 0.8.1
#######################################################################
Luigi Auriemma
Application: Monkey httpd
http://monkeyd.sourceforge.net
Versions: <= 0.8.1
Platforms: GNU/Linux
Bug: Denial of Service
Risk: high
Exploitation: remote
Date: 11 Feb 2004
Author: Luigi Auriemma
e-mail: aluigi@...ervista.org
web: http://aluigi.altervista.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
>From the Monkey httpd's website:
"Monkey is a Web server written in C that works under Linux. This is an
open source project based on the HTTP/1.1 protocol.
The objective is to develop a fast, efficient, small and easy to
configure web server."
#######################################################################
======
2) Bug
======
The sending of some crafted HTTP requests leads to the freeze of the
webserver.
The problem is located in the function get_real_string().
#######################################################################
===========
3) The Code
===========
http://aluigi.altervista.org/poc/monkeydos.zip
#######################################################################
======
4) Fix
======
Version 0.8.2
#######################################################################
---
Luigi Auriemma
http://aluigi.altervista.org
Powered by blists - more mailing lists