Bugtraq mailing list archives
Re: ntop -i local exploit
From: Bill Fumerola <billf () MU ORG>
Date: Mon, 29 Jan 2001 15:40:52 -0600
On Mon, Jan 29, 2001 at 12:54:42PM +0100, Paul Starzetz wrote:
1. Abstract ----------- There are various format string bugs in the ntop package as mentioned in former Bugtraq articles. This is _not_ a new problem. However, in opposite to the '-w' option bug, an exploit for the existent '-i' option format string bug has never been posted/released.
It's worth noting that FreeBSD doesn't[1] install this suid/sgid so this exploit isn't a problem if ntop was installed from ports/packages. -- Bill Fumerola / billf () FreeBSD org 1. as of rev 1.13 of ports/net/ntop/Makefile (Sun Aug 13 06:32:58 2000 UTC)
Current thread:
- ntop -i local exploit Paul Starzetz (Jan 29)
- Re: ntop -i local exploit Bill Fumerola (Jan 30)