Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka double expansion error).
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Monkey | Monkey-project | * | 0.9.0 (including) |
| Monkey | Monkey-project | 0.1.1 (including) | 0.1.1 (including) |
| Monkey | Monkey-project | 0.5.2 (including) | 0.5.2 (including) |
| Monkey | Monkey-project | 0.6.0 (including) | 0.6.0 (including) |
| Monkey | Monkey-project | 0.6.1 (including) | 0.6.1 (including) |
| Monkey | Monkey-project | 0.6.2 (including) | 0.6.2 (including) |
| Monkey | Monkey-project | 0.6.3 (including) | 0.6.3 (including) |
| Monkey | Monkey-project | 0.7.0 (including) | 0.7.0 (including) |
| Monkey | Monkey-project | 0.7.1 (including) | 0.7.1 (including) |
| Monkey | Monkey-project | 0.7.2 (including) | 0.7.2 (including) |
| Monkey | Monkey-project | 0.8.0 (including) | 0.8.0 (including) |
| Monkey | Monkey-project | 0.8.1 (including) | 0.8.1 (including) |
| Monkey | Monkey-project | 0.8.2 (including) | 0.8.2 (including) |
| Monkey | Monkey-project | 0.8.3 (including) | 0.8.3 (including) |
| Monkey | Monkey-project | 0.8.4 (including) | 0.8.4 (including) |
| Monkey | Monkey-project | 0.8.4-2 (including) | 0.8.4-2 (including) |
| Monkey | Monkey-project | 0.8.5 (including) | 0.8.5 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://bugs.gentoo.org/show_bug.cgi?id=87916
- http://secunia.com/advisories/14953
- http://security.gentoo.org/glsa/glsa-200504-14.xml
- http://www.osvdb.org/15511
- http://bugs.gentoo.org/show_bug.cgi?id=87916
- http://secunia.com/advisories/14953
- http://security.gentoo.org/glsa/glsa-200504-14.xml
- http://www.osvdb.org/15511