diff options
Diffstat (limited to 'xml/htdocs/security/en/glsa/glsa-200402-03.xml')
-rw-r--r-- | xml/htdocs/security/en/glsa/glsa-200402-03.xml | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/xml/htdocs/security/en/glsa/glsa-200402-03.xml b/xml/htdocs/security/en/glsa/glsa-200402-03.xml new file mode 100644 index 00000000..ffeefb17 --- /dev/null +++ b/xml/htdocs/security/en/glsa/glsa-200402-03.xml @@ -0,0 +1,61 @@ +<?xml version="1.0" encoding="utf-8"?> +<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> +<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> + +<glsa id="200402-03"> + <title>Monkeyd Denial of Service vulnerability</title> + <synopsis> + A bug in get_real_string() function allows for a Denial of Service attack to be + launched against the webserver. + </synopsis> + <product type="ebuild">monkeyd</product> + <announced>February 11, 2004</announced> + <revised>February 11, 2004: 01</revised> + <bug>41156</bug> + <access>remote</access> + <affected> + <package name="www-servers/monkeyd" auto="yes" arch="*"> + <unaffected range="ge">0.8.2</unaffected> + <vulnerable range="lt">0.8.2</vulnerable> + </package> + </affected> + <background> + <p> + The Monkey HTTP daemon is a Web server written in C that works + under Linux and is based on the HTTP/1.1 protocol. It aims to develop + a fast, efficient and small web server. + </p> + </background> + <description> + <p> + A bug in the URI processing of incoming requests allows for a Denial of + Service to be launched against the webserver, which may cause the server + to crash or behave sporadically. + </p> + </description> + <impact type="normal"> + <p> + Although there are no public exploits known for bug, users are recommended + to upgrade to ensure the security of their infrastructure. + </p> + </impact> + <workaround> + <p> + There is no immediate workaround; a software upgrade is + required. The vulnerable function in the code has been rewritten. + </p> + </workaround> + <resolution> + <p> + All users are recommended to upgrade monkeyd to 0.8.2: + </p> + <code> + # emerge sync + # emerge -pv ">=www-servers/monkeyd-0.8.2" + # emerge ">=www-servers/monkeyd-0.8.2"</code> + </resolution> + <references> + <uri link="http://cvs.sourceforge.net/viewcvs.py/monkeyd/monkeyd/src/utils.c?r1=1.3&r2=1.4">CVS Patch</uri> + </references> +</glsa> |