Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Denial of Service in Monkey httpd <= 0.8.1

From: Luigi Auriemma <aluigi () altervista org>
Date: Wed, 11 Feb 2004 18:36:46 +0000

#######################################################################

                             Luigi Auriemma

Application:  Monkey httpd
              http://monkeyd.sourceforge.net
Versions:     <= 0.8.1
Platforms:    GNU/Linux
Bug:          Denial of Service
Risk:         high
Exploitation: remote
Date:         11 Feb 2004
Author:       Luigi Auriemma
              e-mail: aluigi () altervista org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============



From the Monkey httpd's website:


"Monkey is a Web server written in C that works under Linux. This is an
open source project based on the HTTP/1.1 protocol.
The objective is to develop a fast, efficient, small and easy to
configure web server."


#######################################################################

======
2) Bug
======


The sending of some crafted HTTP requests leads to the freeze of the
webserver.
The problem is located in the function get_real_string().


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/monkeydos.zip


#######################################################################

======
4) Fix
======


Version 0.8.2


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org
Previous By Date Next
Previous By Thread Next

Current thread: