BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Monkey HTTP Daemon Buffer Overflow

Disclosed May 30, 2013    Fully Patched

Vulnerability Description:

Monkey HTTP Daemon contains a buffer overflow caused by a signedness error within "mk_request_header_process()" which, if successfully exploited, may result in arbitrary code execution within the context of the daemon.
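The bug class named above, shown as an added illustration; this is not Monkey's source code and not part of the original advisory. The buffer size `FIELD_MAX`, the function names and the sample request line are all hypothetical. It contrasts a length check that a signed value slips through with one that rejects it:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64 /* hypothetical size of a fixed header-value buffer */

/* Weak check: len is signed and only the upper bound is tested, so a
 * negative length is accepted. Returns 1 when the length passes. */
int weak_len_ok(int len)
{
    return len <= FIELD_MAX - 1;
}

/* What a copy routine taking size_t would receive for that length. */
size_t as_copy_count(int len)
{
    return (size_t)len;
}

/* Hardened check: reject negatives before any conversion to size_t. */
int strict_len_ok(int len)
{
    return len >= 0 && (size_t)len <= (size_t)(FIELD_MAX - 1);
}

/* Hardened copy of the field at offsets [start, end) of src.
 * Returns the number of bytes copied, or -1 if the bounds are invalid. */
int copy_field(char dst[FIELD_MAX], const char *src, size_t src_len,
               int start, int end)
{
    if (start < 0 || end < start || (size_t)end > src_len)
        return -1;
    int len = end - start;
    if (!strict_len_ok(len))
        return -1;
    memcpy(dst, src + start, (size_t)len);
    dst[len] = '\0';
    return len;
}

int main(void)
{
    const char *req = "Host: example.test\r\n"; /* constructed sample */
    char value[FIELD_MAX];
    printf("weak(-1)=%d strict(-1)=%d count=%zu\n",
           weak_len_ok(-1), strict_len_ok(-1), as_copy_count(-1));
    printf("copied=%d\n", copy_field(value, req, strlen(req), 6, 18));
    return 0;
}
```

The weak check accepts a length of -1, which becomes a very large count once converted to `size_t`; the hardened check and copy reject it before any memory is touched.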

Vendors:

Monkey HTTP Daemon Development Group

Vulnerable Software/Devices:

Monkey HTTP Daemon 1.2.0 and possibly earlier versions

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution

Exploitation of this vulnerability is possible via maliciously crafted HTTP headers. Attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the vulnerable daemon.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 19264 - Monkey HTTP Daemon Buffer Overflow (Zero-Day)

Mitigation:

Upgrade to version 1.2.1 or newer.

Links:

CVE(s):

None