mailing list archives
Re: ntop -i local exploit
From: Bill Fumerola <billf () MU ORG>
Date: Mon, 29 Jan 2001 15:40:52 -0600
On Mon, Jan 29, 2001 at 12:54:42PM +0100, Paul Starzetz wrote:
There are various format string bugs in the ntop package as mentioned in
former Bugtraq articles. This is _not_ a new problem. However, in
opposite to the '-w' option bug, an exploit for the existent '-i' option
format string bug has never been posted/released.
It's worth noting that FreeBSD doesn't install this suid/sgid so this
exploit isn't a problem if ntop was installed from ports/packages.
Bill Fumerola / billf () FreeBSD org
1. as of rev 1.13 of ports/net/ntop/Makefile (Sun Aug 13 06:32:58 2000 UTC)