-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200402-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

   Severity: Normal
      Title: Monkeyd Denial of Service vulnerability
       Date: February 11, 2004
       Bugs: #41156
         ID: 200402-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
A bug in the get_real_string() function allows a Denial of Service
attack to be launched against the webserver.

Background
=========
The Monkey HTTP daemon is a Web server written in C that works under
Linux and is based on the HTTP/1.1 protocol. It aims to develop a fast,
efficient and small web server.

Description
==========
A bug in the URI processing of incoming requests allows for a Denial of
Service to be launched against the webserver, which may cause the server
to crash or behave sporadically.

Impact
=====
Although there are no public exploits known for this bug, users are
recommended to upgrade to ensure the security of their infrastructure.

Workaround
=========
There is no immediate workaround; a software upgrade is required. The
vulnerable function in the code has been rewritten.

Resolution
=========
All users are recommended to upgrade monkeyd to 0.8.2:

     # emerge sync
     # emerge -pv ">=net-www/monkeyd-0.8.2"
     # emerge ">=net-www/monkeyd-0.8.2"

Concerns?
========
Security is a primary focus of Gentoo Linux, and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or, alternatively, you may file a bug at
https://bugs.gentoo.org/.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - 
iD8DBQFAKpaGMMXbAy2b2EIRAr1LAKC9dKoISy2eQelG1+Q71ZWgka7inwCgul7Z
+naU63THPiXqAHQxweaTuR0=wRuH
-----END PGP SIGNATURE-----
