Gentoo 200304-07: Monkey remote buffer overflow

by Nikola Strahija on April 30th, 2003

A vulnerability was discovered in the Monkey web server which, if exploited, could allow a remote attacker to cause a denial of service or escalate privileges.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-07
- - - ---------------------------------------------------------------------

PACKAGE : monkeyd
SUMMARY :
DATE : 2003-04-28 08:43 UTC
EXPLOIT : remote
VERSIONS AFFECTED : FIXED VERSION : >=snort-0.6.2
CVE :

- - - ---------------------------------------------------------------------

- - From advisory:

"A buffer overflow vulnerability exists in Monkey's handling of forms
submitted with the POST request method. The unchecked buffer lies in the
PostMethod() procedure."

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=105094204204166&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/monkeyd upgrade to monkeyd-0.6.3 as follows:

emerge sync
emerge monkeyd
emerge clean

- - - ---------------------------------------------------------------------
[email protected] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+rOmofT7nyhUpoZMRArcIAKCr6/obxva0dkO5cQkr5WSHUEbs8ACfQuPA
jV0Ti3jkPMjho6avQEGOsds=
=J440
-----END PGP SIGNATURE-----
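
The advisory attributes the flaw to an unchecked buffer in the POST handler. The checks such a handler needs before copying a form body are sketched below as an added C example; it is not Monkey's code and not part of the advisory. `POST_BUF_SIZE`, `parse_content_length` and `copy_post_body` are hypothetical names, and the buffer size is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POST_BUF_SIZE 1024 /* assumed capacity, not a value taken from Monkey */

enum post_status { POST_OK, POST_BAD_LENGTH, POST_TOO_LARGE, POST_TRUNCATED };

/* Strictly parse a Content-Length value: digits only, no sign, no overflow. */
static int parse_content_length(const char *value, unsigned long long *out)
{
    char *end;
    unsigned long long n;
    if (value == NULL || *value < '0' || *value > '9')
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;
    *out = n;
    return 0;
}

/* Copy a POST body only after the declared length is checked against the buffer and the data received. */
enum post_status copy_post_body(char dst[POST_BUF_SIZE], const char *content_length,
                                const char *body, size_t body_avail)
{
    unsigned long long declared;
    if (parse_content_length(content_length, &declared) != 0)
        return POST_BAD_LENGTH;
    if (declared >= POST_BUF_SIZE) /* the bounds check an unchecked copy lacks */
        return POST_TOO_LARGE;     /* caller can answer 413 instead of copying */
    if (declared > body_avail)
        return POST_TRUNCATED;     /* never read past the received data */
    memcpy(dst, body, (size_t)declared);
    dst[declared] = '\0';
    return POST_OK;
}

int main(void)
{
    char buf[POST_BUF_SIZE];
    const char body[] = "a=1&b=two"; /* constructed sample form body */
    printf("%d %d\n", copy_post_body(buf, "9", body, sizeof body - 1),
           copy_post_body(buf, "4096", body, sizeof body - 1));
    return 0;
}
```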

