
Debian: Serious Access Control Vulnerability in Ntop Exposure Risk

August 8, 2000

Summary

Package: ntop
Vulnerability: remote file exploit
Debian-specific: no
Vulnerable: yes

When ntop is used to distribute network traffic information over the
network, i.e. when ntop runs as a web server, it is possible to access
arbitrary files on the local filesystem. Since ntop runs with root uid,
even /etc/shadow is exposed.

Since ntop comes with its own simple web server, this problem is not the
result of an insecurity in another web server.
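
The advisory does not describe the fix itself. As an added example (not ntop's code or the Debian patch), this is one common way a built-in web server can confine file requests to a single directory before opening anything; the function name `resolve_under_root` and the sample paths are hypothetical.

```c
/* Added example: confine an embedded web server's file requests to its
 * document root. resolve_under_root() is a hypothetical name, not ntop's. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 0 and writes the canonical path to out (PATH_MAX bytes) when the
 * requested URL path resolves to a file inside root; returns -1 otherwise. */
int resolve_under_root(const char *root, const char *url_path, char *out)
{
    char canon_root[PATH_MAX], joined[PATH_MAX];
    size_t root_len;
    int n;

    if (root == NULL || url_path == NULL || url_path[0] != '/')
        return -1;
    if (realpath(root, canon_root) == NULL)
        return -1;
    n = snprintf(joined, sizeof joined, "%s%s", canon_root, url_path);
    if (n < 0 || (size_t)n >= sizeof joined)
        return -1;                       /* truncated: refuse */
    /* realpath() collapses "." and ".." and follows symlinks, so the check
     * below sees the path the kernel would actually open. */
    if (realpath(joined, out) == NULL)
        return -1;                       /* path does not resolve */
    root_len = strlen(canon_root);
    /* Require a '/' boundary so "/srv/www-private" does not match "/srv/www". */
    if (strncmp(out, canon_root, root_len) != 0 || out[root_len] != '/')
        return -1;
    return 0;
}

int main(void)
{
    char resolved[PATH_MAX];
    /* Constructed sample request against a constructed root. */
    int rc = resolve_under_root("/tmp", "/../etc/passwd", resolved);
    printf("%s\n", rc == 0 ? resolved : "rejected");
    return 0;
}
```

The server should open the canonical path returned in `out`, not the original request string. Running the web server under an unprivileged uid instead of root limits what a missed check can expose.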

Debian GNU/Linux 2.1 alias slink

The "ntop" package is not a part of Debian 2.1. No fix is necessary.

Debian 2.2 alias potato

This version of Debian is not yet released. Fixes are currently
available for Alpha, ARM, Intel ia32, Motorola 680x0, PowerPC and
the Sun Sparc architecture.

Source archives:


MD5 checksum: 8d39ab8c1d330ade898bf0ebf78b829f

MD5 checksum: 5259e2f5b4a191836dca47c3d354f4f0

MD5 checksum: 9031a2001935b7a4882f8427f0edea15

Alpha architecture:


MD5 checksum: 517dbc9a62c2469...


Severity: critical
