oss-sec mailing list archives
CVE request: FD leakage for cgi program on Monkey HTTPD
From: Felipe Pena <felipensp () gmail com>
Date: Fri, 14 Jun 2013 14:24:09 -0300
I've identified a fd leakage when running a program via Monkey HTTPD - CGI plugin. By runninng `ls -lah /proc/<pid>/fd/` on the CGI program we can see: total 0 dr-x------ 2 felipe felipe 0 Jun 14 14:00 . dr-xr-xr-x 8 felipe felipe 0 Jun 14 14:00 .. lr-x------ 1 felipe felipe 64 Jun 14 14:00 0 -> pipe:[239545] l-wx------ 1 felipe felipe 64 Jun 14 14:00 1 -> pipe:[239546] lrwx------ 1 felipe felipe 64 Jun 14 14:00 10 -> anon_inode:[eventpoll] lr-x------ 1 felipe felipe 64 Jun 14 14:00 11 -> pipe:[242960] lrwx------ 1 felipe felipe 64 Jun 14 14:00 12 -> anon_inode:[eventpoll] lrwx------ 1 felipe felipe 64 Jun 14 14:00 13 -> anon_inode:[eventpoll] lrwx------ 1 felipe felipe 64 Jun 14 14:00 14 -> anon_inode:[eventpoll] lrwx------ 1 felipe felipe 64 Jun 14 14:00 15 -> anon_inode:[eventpoll] lrwx------ 1 felipe felipe 64 Jun 14 14:00 16 -> anon_inode:[eventpoll] lrwx------ 1 felipe felipe 64 Jun 14 14:00 17 -> anon_inode:[eventpoll] lrwx------ 1 felipe felipe 64 Jun 14 14:00 18 -> anon_inode:[eventpoll] lrwx------ 1 felipe felipe 64 Jun 14 14:00 19 -> anon_inode:[eventpoll] l-wx------ 1 felipe felipe 64 Jun 14 14:00 2 -> /dev/null lrwx------ 1 felipe felipe 64 Jun 14 14:00 3 -> socket:[240797] lrwx------ 1 felipe felipe 64 Jun 14 14:00 4 -> /home/felipe/audit/monkey/monkey/logs/monkey.pid.2001 lr-x------ 1 felipe felipe 64 Jun 14 14:00 5 -> pipe:[240798] l-wx------ 1 felipe felipe 64 Jun 14 14:00 6 -> pipe:[240798] lr-x------ 1 felipe felipe 64 Jun 14 14:00 7 -> pipe:[240799] l-wx------ 1 felipe felipe 64 Jun 14 14:00 8 -> pipe:[240799] lrwx------ 1 felipe felipe 64 Jun 14 14:00 9 -> socket:[242784] Hence a malicious program can take control of Monkey HTTP request response through a network socket related file descriptor, etc. Report ------ http://bugs.monkey-project.com/ticket/187 CREDITS ------- Felipe Pena -- Regards, Felipe Pena
Current thread:
- CVE request: FD leakage for cgi program on Monkey HTTPD Felipe Pena (Jun 14)
- RE: CVE request: FD leakage for cgi program on Monkey HTTPD Christey, Steven M. (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Felipe Pena (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Seth Arnold (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD John Lightsey (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Seth Arnold (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD John Lightsey (Jun 14)
- RE: CVE request: FD leakage for cgi program on Monkey HTTPD Christey, Steven M. (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Yves-Alexis Perez (Jun 14)