ntop Server Vulnerability
CVE 2000-0705
CVE 2000-0706
Impact
A vulnerability in the ntop server allows read access to
any file on the system. A separate vulnerability could allow
an attacker to execute arbitrary commands by exploiting a
buffer overflow condition.
Background
ntop is a utility which provides information on network usage.
It can be used interactively, or it can run as a daemon on a
selected TCP port (3000 by default). If it is running as a
daemon, ntop can be used from a remote web browser.
The Problems
CVE 2000-0705
When ntop runs as a daemon, it does
not validate pathnames supplied by the user. Therefore,
a user can view any file on the system by supplying
a pathname including the ../ sequence.
Arbitrary files can be viewed by supplying a pathname
relative to the ntop web root directory.
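The pathname check whose absence is described above, as an added example in C (not ntop's code and not part of the original advisory). The function names resolve_in_root and demo_root and the temporary fixture under /tmp are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not ntop source. Resolve req under root: returns 0 and
 * fills out with the canonical path, or -1 if the request is too long,
 * does not exist, or resolves to a location outside the root. */
int resolve_in_root(const char *root, const char *req, char out[PATH_MAX]) {
    char joined[PATH_MAX], real_root[PATH_MAX];
    int n = snprintf(joined, sizeof joined, "%s/%s", root, req);
    if (n < 0 || (size_t)n >= sizeof joined)
        return -1;                    /* refuse rather than truncate */
    /* realpath() collapses "../" and follows symlinks before the check. */
    if (!realpath(root, real_root) || !realpath(joined, out))
        return -1;
    size_t len = strlen(real_root);   /* len == 1 means the root is "/" */
    if (len > 1 && (strncmp(out, real_root, len) != 0 ||
                    (out[len] != '/' && out[len] != '\0')))
        return -1;                    /* canonical path escaped the root */
    return 0;
}

/* Constructed fixture: <tmp>/webroot/index.html and <tmp>/secret.txt. */
const char *demo_root(void) {
    static char root[PATH_MAX];
    char base[] = "/tmp/webroot-demo-XXXXXX", p[PATH_MAX];
    FILE *f;
    if (root[0]) return root;         /* already created on an earlier call */
    if (!mkdtemp(base)) return NULL;
    snprintf(root, sizeof root, "%s/webroot", base);
    mkdir(root, 0700);
    snprintf(p, sizeof p, "%s/index.html", root);
    if ((f = fopen(p, "w"))) fclose(f);
    snprintf(p, sizeof p, "%s/secret.txt", base);
    if ((f = fopen(p, "w"))) fclose(f);
    return root;
}

int main(void) {
    const char *reqs[] = { "index.html", "../secret.txt", "missing.html" };
    char out[PATH_MAX];
    for (size_t i = 0; i < 3; i++)
        printf("%-14s -> %s\n", reqs[i],
               resolve_in_root(demo_root(), reqs[i], out) ? "rejected" : "served");
    return 0;
}
```

The file should then be opened by the canonical path returned in out, not by the original request string, so the path that was checked is the path that is served.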
CVE 2000-0706
There is also a buffer overflow condition in the ntop daemon
which could allow an attacker to execute arbitrary commands
at the privilege level of the user running ntop.
Resolutions
Do not run ntop as a daemon. To disable daemon mode, remove the
-w option from ntop in the boot-up scripts. ntop can still be
used safely in interactive mode.
Where can I read more about this?
The first vulnerability was posted to
Bugtraq. The second was discussed in an advisory from
Debian.