[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [SLUG] IP Accounting - ntop security problem

To: <slug@nospam.slug.org.au>
Subject: RE: [SLUG] IP Accounting - ntop security problem
From: "Marty" <marty@nospam.asgard.aus.tm>
Date: Thu, 3 Aug 2000 07:10:03 +1000
Importance: Normal
In-Reply-To: <F5DD6D5A1174B8468718ECC22AA007DD0A2FCC@nospam.TSD2.qits.net.au>
List-Id: General Discussions <slug.slug.org.au>
Sender: slug-admin@nospam.slug.org.au

> If you use the latest ntop from CVS it handles restarts without resetting
> the counters.  I've not had a segfault for a few months now.
>
> John Wiltshire


hehe, did you see bugtraq this morning? This is an excerpt from Hackerslab
(dubhe@nospam.hackerslab.org)
______
If use 'ntop' in web mode, it's web root is "/etc/ntop/html".

It's web mode is not check URL path.

So if URL is "http://URL:port/../../shadow", remote user will read all file.
______

Cheers,
Marty



--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Follow-Ups:
- RE: [SLUG] IP Accounting - ntop security problem
  - From: "Marty" <marty@nospam.asgard.aus.tm>

References:
- RE: [SLUG] IP Accounting
  - From: John Wiltshire <jw@nospam.qits.net.au>

Prev by Date: [SLUG] Installfest - Big Update !
Next by Date: RE: [SLUG] IP Accounting - ntop security problem
Prev by thread: RE: [SLUG] IP Accounting
Next by thread: RE: [SLUG] IP Accounting - ntop security problem
Index(es):
- Date
- Thread