segfault in ntop

[JP <px () negative zeroday net>]

I'm sorry if this has already been discussed on here before, but I went
through the thread and saw nothing on it.

I was able to remotley segfault ntop v.2.0.0 using Netscape 6.1 by simply
specifying a command in the url location bar.  For example:

http://ntop.site.com:port/`ls`

That above command will cause ntop to segfault and core dump.  I tried a
few different commands, ls and su segfaulted ntop, whereas everything else
I tried gave a 403 error, but ntop stayed online.

Here's information about my ntop platform:

Mandrake Linux v8.1 kernel 2.4.8-26mdk
ntop v.2.0.0 MT [i686-pc-linux-gnu] (01/24/02 03:04:18 PM build)

I was able to segfault ntop from the following platforms:

Mandrake Linux v8.1 kernel 2.4.8-26mdk with Netscape v6.1
(Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1)

Mandrake Linux v8.1 kernel 2.4.8-26mdk with Opera 5.0 for Linux - 20010510 Build 024 -[5]

Windows 2000 Server 5.00.2195 SP2 with Netscape v6.2.2
(Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4.1)
Gecko/20020314 Netscape6/6.2.2)

I was unable to duplicate this segfault with the following browsers:

Internet Explorer v6.0.2600.0000
Konqueror v2.2.1

I did not test any other platforms or browsers than the ones listed here.
I have notified ntop and haven't received a response yet.

Thanks,

jason