Sending a request containing null bytes causes a thread to crash. If you crash all of the threads, the server becomes useless. Version 1.1.1 is vulnerable.
From GDB:
[2013/05/24 17:35:34] [ Info] HTTP Server started
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6de1b40 (LWP 30602)]
0xb7e7b8a1 in ?? () from /lib/i386-linux-gnu/libc.so.6
(gdb) bt
#0 0xb7e7b8a1 in ?? () from /lib/i386-linux-gnu/libc.so.6
#1 0x08050314 in mk_string_char_search_r ()
#2 0x0804b8c2 in mk_handler_write ()
#3 0x08050c00 in mk_conn_write ()
#4 0x0804f54a in mk_epoll_init ()
#5 0x0804ff07 in mk_sched_launch_worker_loop ()
#6 0xb7f9fd78 in start_thread ()
from /lib/i386-linux-gnu/libpthread.so.0
#7 0xb7ed63de in clone () from /lib/i386-linux-gnu/libc.so.6
From monkey's master.log:
[stack trace]
[2013/05/25 10:58:48] [ Error] Segmentation fault (11), code=1, addr=0xfffffff0
POC:
http://pastebin.com/vcQ2Ktsr
Migrated from http://bugs.monkey-project.com/ticket/181
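A defensive sketch of the kind of input check this report calls for, added here as an example; it is not Monkey's code and not the linked PoC. The report does not state the root cause, so the sketch assumes only that request bytes must be searched with the received length rather than as a C string, and that a request line with an embedded NUL is rejected before parsing. The function names and sample requests are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: reverse search for c within the first len bytes of
 * buf. The bound is the number of bytes actually received, not strlen(),
 * so an embedded NUL cannot shorten the view of the data.
 * Returns the index of the last match, or -1 if there is none. */
static long bounded_char_search_r(const char *buf, size_t len, char c)
{
    while (len > 0) {
        len--;
        if (buf[len] == c)
            return (long)len;
    }
    return -1;
}

/* Hypothetical pre-parse check on the request line (bytes up to the first
 * LF, or the whole buffer). Returns 1 if acceptable, 0 if the request
 * should be rejected, for example with a 400 response. */
static int request_line_ok(const char *buf, size_t len)
{
    const char *lf = memchr(buf, '\n', len);
    size_t line_len = lf ? (size_t)(lf - buf) : len;

    if (line_len == 0)
        return 0;
    /* A NUL inside the line means C string functions and the byte count
     * disagree about where the data ends. */
    if (memchr(buf, '\0', line_len) != NULL)
        return 0;
    /* A search result must be checked for "not found" before it is used. */
    if (bounded_char_search_r(buf, line_len, ' ') < 0)
        return 0;
    return 1;
}

/* Constructed sample inputs (not taken from the report's PoC). */
static const char good_req[] = "GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n";
static const char nul_req[]  = "GET /in\0dex.html HTTP/1.1\r\nHost: a\r\n\r\n";

int main(void)
{
    return !(request_line_ok(good_req, sizeof good_req - 1) == 1 &&
             request_line_ok(nul_req, sizeof nul_req - 1) == 0);
}
```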