PT-2012-5902 · Monkey · Monkey Http Daemon
Moritz Muehlenhoff · Published 2012-10-05 · Updated 2020-03-26 · CVE-2012-5303
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Monkey HTTP Daemon version 0.9.3
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on the PID file. The attack applies when the PID file uses a pathname other than the default /var/run/monkey.pid.
Recommendations
For Monkey HTTP Daemon version 0.9.3, consider restricting access to the PID file to prevent symlink attacks until a patch is available. As a temporary workaround, monitor the system for suspicious activity and adjust file permissions to minimize potential damage.
Fix
Link Following
Affected Products
Monkey Http Daemon