mailing list archives
Re: Mrtg Path Disclosure Vulnerability
From: Barney Wolff <barney () databus com>
Date: Mon, 4 Feb 2002 12:05:59 -0500
Unless I'm terribly confused, mrtg only generates files and runs off
cron, not as a cgi. So you're dealing with something other than mrtg
itself. Also, the current version is 2.9.18pre1.
On Mon, Feb 04, 2002 at 02:18:54AM +0200, Tamer Sahin wrote:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg cgi
And may be other.