Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Mrtg Path Disclosure Vulnerability
From: Barney Wolff <barney () databus com>
Date: Mon, 4 Feb 2002 12:05:59 -0500

Unless I'm terribly confused, mrtg only generates files and runs off
cron, not as a cgi.  So you're dealing with something other than mrtg
itself.  Also, the current version is 2.9.18pre1.

Barney Wolff

On Mon, Feb 04, 2002 at 02:18:54AM +0200, Tamer Sahin wrote:

If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg cgi


Mrtg v2.090011
Mrtg v2.090006

Mrtg v2.090011
Mrtg v2.090006

And may be other.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]