Bugtraq mailing list archives

Re: Mrtg Path Disclosure Vulnerability
From: Dave Ahmad <da () securityfocus com>
Date: Mon, 4 Feb 2002 10:56:28 -0700 (MST)


You're correct. 'mrtg.cgi' is not part of MRTG.  It's from a completely
independent utility called 'mrtgconfig'.  The project homepage is:


The path disclosure issue (version 0.5.9):

[dma () victim mrtgconfig]$ /home/dma/mtrg/mrtgconfig/mrtg.cgi
(offline mode: enter name=value pairs on standard input)
Content-type: text/html

<H1>Software error:</H1>
<CODE>Can't open configuration file for mrtgconfig: No such file or
directory at /home/dma/mrtg/mrtgconfig/mrtg.cgi line 46,
&lt;STDIN&gt; chunk 1.

For help, please send mail to this site's webmaster, giving this error
message and the time and date of the error.

Dave Ahmad

On Mon, 4 Feb 2002, Barney Wolff wrote:

Unless I'm terribly confused, mrtg only generates files and runs off
cron, not as a cgi.  So you're dealing with something other than mrtg
itself.  Also, the current version is 2.9.18pre1.

Barney Wolff

On Mon, Feb 04, 2002 at 02:18:54AM +0200, Tamer Sahin wrote:

If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg cgi


Mrtg v2.090011
Mrtg v2.090006

And maybe others.
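As an added example (not part of the original thread and not mrtgconfig code): a small Python check that flags HTTP response bodies of the kind quoted above, where the Perl "Software error:" page (the format CGI::Carp's fatalsToBrowser emits) leaks the script's filesystem path. The function name and the second sample body are constructed for illustration.

```python
import html
import posixpath
import re

# Marker that the Perl CGI error page writes at the top of its output.
CARP_MARKER = re.compile(r"<h1>\s*software error:\s*</h1>", re.I)
# Perl die/warn suffix: "... at <file> line <N>"; only absolute paths are matched.
PERL_LOCATION = re.compile(r"\bat\s+(/[^\s<>\"']+)\s+line\s+(\d+)")


def find_path_disclosures(body):
    """Return [(script_path, directory, line_no)] leaked by an error page."""
    if not CARP_MARKER.search(body):
        return []
    # Unescape entities (&lt;STDIN&gt;) and undo line wrapping so that
    # "No such file or\ndirectory at /path ..." is matched as one message.
    text = " ".join(html.unescape(body).split())
    found = []
    for path, line_no in PERL_LOCATION.findall(text):
        item = (path, posixpath.dirname(path), int(line_no))
        if item not in found:
            found.append(item)
    return found


# Sample input: the response body quoted in the message above.
LEAKY = """Content-type: text/html

<H1>Software error:</H1>
<CODE>Can't open configuration file for mrtgconfig: No such file or
directory at /home/dma/mrtg/mrtgconfig/mrtg.cgi line 46,
&lt;STDIN&gt; chunk 1.
"""

# Constructed sample: an error page that carries no interpreter detail.
GENERIC = """Content-type: text/html

<H1>Software error:</H1>
<CODE>The request could not be processed.</CODE>
"""

if __name__ == "__main__":
    for name, body in (("leaky", LEAKY), ("generic", GENERIC)):
        print(name, find_path_disclosures(body))
```

Run over stored responses from your own CGI hosts, a non-empty result means the error handler is still writing interpreter messages to the client instead of to the server log.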
