Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Mrtg Path Disclosure Vulnerability
From: Barney Wolff <barney () databus com>
Date: Mon, 4 Feb 2002 12:05:59 -0500

Unless I'm terribly confused, mrtg only generates files and runs off
cron, not as a cgi.  So you're dealing with something other than mrtg
itself.  Also, the current version is 2.9.18pre1.

Barney Wolff

On Mon, Feb 04, 2002 at 02:18:54AM +0200, Tamer Sahin wrote:

Summary:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg cgi
script.

http://host/mrtg.cgi?cfg=blabla

Tested:
Mrtg v2.090011
Mrtg v2.090006

Vulnerable:
Mrtg v2.090011
Mrtg v2.090006

And may be other.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]