Monkey HTTP Daemon contains a buffer overflow caused by a signedness error within "mk_request_header_process()" which, if successfully exploited, may result in arbitrary code execution within the context of the daemon.
Monkey HTTP Daemon Development Group
Monkey HTTP Daemon 1.2.0 and possibly earlier versions
Remote Code Execution
Remote Code Execution Exploitation of this vulnerability is possible via maliciously crafted HTTP headers. Attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as vulnerable daemon.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 19264 - Monkey HTTP Daemon Buffer Overflow (Zero-Day)
Upgrade to version 1.2.1 or newer.