Bugtraq mailing list archives

Re: Security Advisory - ntop local buffer overflow vulnerability
From: BAILLEUX Christophe <cb () GROLIER FR>
Date: Wed, 25 Oct 2000 11:18:24 +0200

Hi,

Just a little detail :)
The vulnerable packages are ntop-1.1-1.rdh6.i386.rpm and
ntop-1.1-1.i386.rpm.
The package provided and recommended by the redhat team and used
with redhat 6.2 is ntop-1.1-5.i386.rpm.


ftp://rpmfind.net/linux/powertools/6.2/i386/i386/ntop-1.1-5.i386.rpm


If you use the vulnerable package, do this:

rpm -Uvh ntop-1.1-5.i386.rpm

This package is not installed with the root suid bit.

regards,


--
BAILLEUX Christophe - Network & System Security Engineer
Grolier Interactive Europe-OG/CS
Voice:+33-(0)1-5545-4789 - mailto:cb () grolier fr

IV.     Exploit (See Attachment)


Tested on redhat 6.2 (Zoot), where ntop is installed by default with the
setuid root bit


[cb () nux cb]$ cat /etc/redhat-release
Red Hat Linux release 6.2 (Zoot)
[cb () nux cb]$ rpm -qf /sbin/ntop
ntop-1.1-1
[cb () nux cb]$ id
uid=535(cb) gid=535(cb) groups=535(cb)
[cb () nux cb]$ ./expl

ntop v.1.1 MT [i586-pc-linux-gnu] listening on
..............................

Host        Act   -Rcvd-      Sent    TCP   UDP ICMP
bash#
bash# id
uid=0(root) gid=535(cb) egid=3(sys) groups=535(cb)
bash# exit
[cb () nux cb]$



Greetings to kalou, Bdev, cleb, dv, PullthePlug Community and all I
forget.
Thanks Teuk for letting me use his server to do and test the ntop redhat
6.2 exploit :)

Regards,
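
The check discussed in this thread, as an added example that is not part of the original post: a shell audit that reports whether the ntop binary is setuid root and whether the owning package is one of the versions named above. The /sbin/ntop path and the package strings come from the message; the function names are hypothetical, and the chmod u-s hint is a general hardening step, not something the post states.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Return 0 if the file exists and carries the setuid bit.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Return 0 if the file is setuid AND owned by uid 0 (the risky combination).
is_setuid_root() {
    is_setuid "$1" || return 1
    owner=$(ls -ln "$1" | awk '{print $3}')
    [ "$owner" = "0" ]
}

# Map an "rpm -q"-style package string onto the versions named in the thread.
# "recommended" only means the post says that build is not installed setuid root.
classify_ntop_pkg() {
    case "$1" in
        ntop-1.1-1|ntop-1.1-1.*) echo vulnerable ;;
        ntop-1.1-5|ntop-1.1-5.*) echo recommended ;;
        *) echo unknown ;;
    esac
}

# Report package status and setuid state; returns 1 if the binary is setuid root.
audit_ntop() {
    bin=${1:-/sbin/ntop}
    if command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf "$bin" 2>/dev/null) || pkg="(not owned by an RPM)"
    else
        pkg="(rpm not available)"
    fi
    echo "$bin: package $pkg -> $(classify_ntop_pkg "$pkg")"
    if is_setuid_root "$bin"; then
        echo "$bin: setuid root; upgrade the package or run: chmod u-s $bin"
        return 1
    fi
    echo "$bin: not setuid root"
}

# Run the audit only when asked, e.g.: sh audit.sh --audit /sbin/ntop
if [ "${1:-}" = "--audit" ]; then
    audit_ntop "${2:-/sbin/ntop}"
fi
```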

