GLSA-200402-03 : Monkeyd Denial of Service vulnerability

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200402-03
(Monkeyd Denial of Service vulnerability)

A bug in the URI processing of incoming requests allows for a Denial of
Service to be launched against the webserver, which may cause the server
to crash or behave sporadically.

Impact :

Although there are no public exploits known for bug, users are recommended
to upgrade to ensure the security of their infrastructure.

Workaround :

There is no immediate workaround
a software upgrade is
required. The vulnerable function in the code has been rewritten.

See also :

http://www.nessus.org/u?252c727c
http://www.gentoo.org/security/en/glsa/glsa-200402-03.xml

Solution :

All users are recommended to upgrade monkeyd to 0.8.2:
# emerge sync
# emerge -pv '>=www-servers/monkeyd-0.8.2'
# emerge '>=www-servers/monkeyd-0.8.2'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14447 (gentoo_GLSA-200402-03.nasl)

Bugtraq ID:

CVE ID: