Home page logo

bugtraq logo Bugtraq mailing list archives

Re: ntop -i local exploit
From: Bill Fumerola <billf () MU ORG>
Date: Mon, 29 Jan 2001 15:40:52 -0600

On Mon, Jan 29, 2001 at 12:54:42PM +0100, Paul Starzetz wrote:
1. Abstract

There are various format string bugs in the ntop package as mentioned in
former Bugtraq articles. This is _not_ a new problem. However, in
opposite to the '-w' option bug, an exploit for the existent '-i' option
format string bug has never been posted/released.

It's worth noting that FreeBSD doesn't[1] install this suid/sgid so this
exploit isn't a problem if ntop was installed from ports/packages.

Bill Fumerola / billf () FreeBSD org

1. as of rev 1.13 of ports/net/ntop/Makefile (Sun Aug 13 06:32:58 2000 UTC)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]