Gentoo: GLSA-200402-03: Monkeyd Denial of Service vulnerability
Summary
Gentoo Linux Security Advisory GLSA 200402-03
https://security.gentoo.org/

Severity: Normal
Title: Monkeyd Denial of Service vulnerability
Date: February 11, 2004
Bugs: #41156
ID: 200402-03

Synopsis
=======
A bug in the get_real_string() function allows for a Denial of Service attack to be launched against the webserver.

Background
=========
The Monkey HTTP daemon is a Web server written in C that works under Linux and is based on the HTTP/1.1 protocol. It aims to develop a fast, efficient and small web server.

Description
==========
A bug in the URI processing of incoming requests allows for a Denial of Service to be launched against the webserver, which may cause the server to crash or behave sporadically.

Impact
=====
Although there are no public exploits known for this bug, users are recommended to upgrade to ensure the security of their infrastructure.

Workaround
=========
There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten.

Resolution
=========
All users are recommended to upgrade monkeyd to 0.8.2:

    # emerge sync
    # emerge -pv ">=net-www/monkeyd-0.8.2"
    # emerge ">=net-www/monkeyd-0.8.2"

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org/.