Re: Mrtg Path Disclosure Vulnerability
From: Dave Ahmad <da () securityfocus com>
Date: Mon, 4 Feb 2002 10:56:28 -0700 (MST)
You're correct.. 'mrtg.cgi' is not part of MRTG. It's from a completely
independent utility called 'mrtgconfig'. The project homepage is:
The path disclosure issue (version 0.5.9):
[dma () victim mrtgconfig]$ /home/dma/mtrg/mrtgconfig/mrtg.cgi
(offline mode: enter name=value pairs on standard input)
<CODE>Can't open configuration file for mrtgconfig: No such file or
directory at /home/dma/mrtg/mrtgconfig/mrtg.cgi line 46,
<STDIN> chunk 1.
For help, please send mail to this site's webmaster, giving this error
message and the time and date of the error.
On Mon, 4 Feb 2002, Barney Wolff wrote:
Unless I'm terribly confused, mrtg only generates files and runs off
cron, not as a cgi. So you're dealing with something other than mrtg
itself. Also, the current version is 2.9.18pre1.
On Mon, Feb 04, 2002 at 02:18:54AM +0200, Tamer Sahin wrote:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg cgi
And may be other.
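
A check that a site operator could run over their own CGI error pages for the kind of leak shown in this thread. It is added here as an example and is not part of the original messages or of mrtgconfig. The function names are hypothetical, the sample body is the error text quoted above, and paths containing spaces are assumed not to occur.

```python
import re

# Perl appends " at <file> line <N>" and, when a filehandle has been read,
# ", <FH> chunk|line <M>" to die/warn text. \s+ also spans hard-wrapped lines.
PERL_LOCATION = re.compile(
    r"\bat\s+(?P<path>/\S+|[A-Za-z]:\\\S+)\s+line\s+(?P<line>\d+)"
    r"(?:,\s+<(?P<fh>\w+)>\s+(?:chunk|line)\s+(?P<rec>\d+))?"
)

# Error text as quoted in the message above (mrtgconfig 0.5.9).
SAMPLE_BODY = (
    "<CODE>Can't open configuration file for mrtgconfig: No such file or\n"
    "directory at /home/dma/mrtg/mrtgconfig/mrtg.cgi line 46,\n"
    "<STDIN> chunk 1.\n"
    "For help, please send mail to this site's webmaster, giving this error\n"
    "message and the time and date of the error.\n"
)


def find_path_leaks(body):
    """Return one record per Perl error location present in a response body."""
    leaks = []
    for m in PERL_LOCATION.finditer(body):
        path = m.group("path")
        leaks.append({
            "path": path,
            # Directory part is what tells a reader where the script lives on disk.
            "directory": re.sub(r"[\\/][^\\/]*$", "", path),
            "line": int(m.group("line")),
            "filehandle": m.group("fh"),  # None when Perl printed no filehandle
        })
    return leaks


def sanitize(body):
    """Return the body with every Perl error location replaced by a fixed marker."""
    return PERL_LOCATION.sub("at [location withheld]", body)


if __name__ == "__main__":
    for leak in find_path_leaks(SAMPLE_BODY):
        print("leaked:", leak)
    print(sanitize(SAMPLE_BODY))
```

The complete message, path included, belongs in the server's error log; `sanitize` only covers what is sent back to the client.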