Your message dated Tue, 12 Sep 2000 22:13:19 +0200 (CEST)
with message-id <[EMAIL PROTECTED]>
and subject line These bugs are already fixed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Darren Benham
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Aug 2000 17:48:32 +0000
>From [EMAIL PROTECTED] Wed Aug 02 12:48:32 2000
Return-path: <[EMAIL PROTECTED]>
Received: from adsl-63-193-116-241.dsl.snfc21.pacbell.net (kitenet.net) 
[63.193.116.241] (postfix)
        by master.debian.org with esmtp (Exim 3.12 2 (Debian))
        id 13K2d6-0005KL-00; Wed, 02 Aug 2000 12:48:32 -0500
Received: by kitenet.net (Postfix, from userid 500)
        id A127EBC037; Wed,  2 Aug 2000 10:48:28 -0700 (PDT)
Date: Wed, 2 Aug 2000 10:48:28 -0700
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: FWD: [ Hackerslab bug_paper ] ntop web mode vulnerabliity
Message-ID: <[EMAIL PROTECTED]>
Mail-Followup-To: Joey Hess <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
        [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2i
Sender: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]

Package: ntop
Severity: grave

I have verified this bug report -- fixing it is my utter top priority,
but I'd be very happy if someone else fixes it first.

----- Forwarded message from root <[EMAIL PROTECTED]> -----

From: root <[EMAIL PROTECTED]>
Date:         Wed, 2 Aug 2000 17:50:35 +0900
To: BUGTRAQ@SECURITYFOCUS.COM
Subject:      [ Hackerslab bug_paper ] ntop web mode vulnerabliity
Reply-To: root <[EMAIL PROTECTED]>

================================================================================

             [ Hackerslab bug_paper ] ntop web mode vulnerability

================================================================================



Command  :   /sbin/ntop -w <port>


SYSTEM :   N/A


INFO :

           ntop - display top network users     
        

      -w
        Starts ntop in web mode. Users can attach their web
        browsers to the specified port and browse traffic information
        remotely. Supposing to start ntop at the port 3000
        (ntop -w 3000), the URL to access is http://hostname:3000/.
        The file ~/.ntop specifies the HTTP
        user/password of those people who are allowed to access
        ntop. If the ~/.ntop file is missing no security will be
        used hence everyone can access traffic information. A
        simple .ntop file is the following: # # .ntop File format
        # # user<tab>/<space>pw # # luca      linux Please note
        that an HTTP server is NOT needed in order to use the
        program in interactive mode.

* 'bdf' program has SUID permission.


If 'ntop' is used in web mode, its web root is "/etc/ntop/html".

Its web mode does not check the URL path.

So if the URL is "http://URL:port/../../shadow", a remote user will read all files.

"everyone  can  access traffic information" !!!

If ntop is used publicly, anyone can read all files.

==-------------------------------------------------------------------------------==
       *********
   *    **   **    *
 *      **   **      *
*       *******      *
 *      **   **      *                                       [EMAIL PROTECTED]
   *    **   **    *                                    [ http://www.hackerslab.org ]
       *********           HACKERSLAB (C)  since 2000
==-------------------------------------------------------------------------------==

----- End forwarded message -----

-- 
see shy jo
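
The missing check the advisory describes, as an added example (not ntop's code and not part of this thread): a lexical resolver that maps a request path onto the web root and refuses any path whose ".." segments would climb above it. The name resolve_under_root is hypothetical; it assumes the caller has already percent-decoded the path and that the root contains no symlinks pointing outside it.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SEGS 64

/* Map an already percent-decoded URL path onto root (constructed helper,
 * not ntop code). Returns 0 and fills out, or -1 if the path is relative,
 * too long, or would climb above root. */
int resolve_under_root(const char *root, const char *url_path,
                       char *out, size_t outlen)
{
    const char *seg[MAX_SEGS], *p = url_path;
    size_t len[MAX_SEGS], used;
    int depth = 0;

    if (*p != '/')
        return -1;                          /* request path must be absolute */
    while (*p) {
        while (*p == '/') p++;              /* collapse repeated separators */
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t n = (size_t)(p - start);
        if (n == 0 || (n == 1 && start[0] == '.'))
            continue;                       /* trailing slash or "." */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return -1;      /* ".." at the root: reject */
            depth--;                        /* otherwise drop one segment */
            continue;
        }
        if (depth == MAX_SEGS) return -1;
        seg[depth] = start; len[depth] = n; depth++;
    }
    used = strlen(root);
    if (used >= outlen) return -1;
    memcpy(out, root, used);
    for (int i = 0; i < depth; i++) {       /* rebuild root/seg/seg/... */
        if (used + 1 + len[i] >= outlen) return -1;
        out[used++] = '/';
        memcpy(out + used, seg[i], len[i]);
        used += len[i];
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char out[256];  /* the request from the advisory, against its web root */
    puts(resolve_under_root("/etc/ntop/html", "/../../shadow", out, sizeof out) ? "rejected" : out);
    return 0;
}
```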

---------------------------------------
Received: (at 68418-done) by bugs.debian.org; 12 Sep 2000 20:13:23 +0000
>From [EMAIL PROTECTED] Tue Sep 12 15:13:23 2000
Return-path: <[EMAIL PROTECTED]>
Received: from nilpferd.fachschaften.tu-muenchen.de [::ffff:129.187.176.79] 
        by master.debian.org with smtp (Exim 3.12 1 (Debian))
        id 13YwQk-0006rA-00; Tue, 12 Sep 2000 15:13:22 -0500
Received: (qmail 7321 invoked from network); 12 Sep 2000 20:13:19 -0000
Received: from gaia.fachschaften.tu-muenchen.de (129.187.176.73)
  by nilpferd.fachschaften.tu-muenchen.de with SMTP; 12 Sep 2000 20:13:19 -0000
Date: Tue, 12 Sep 2000 22:13:19 +0200 (CEST)
From: Adrian Bunk <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED], 
    [EMAIL PROTECTED], [EMAIL PROTECTED], 
    [EMAIL PROTECTED], [EMAIL PROTECTED], 
    [EMAIL PROTECTED], [EMAIL PROTECTED], 
    [EMAIL PROTECTED], [EMAIL PROTECTED], 
    [EMAIL PROTECTED], [EMAIL PROTECTED], 
    [EMAIL PROTECTED], [EMAIL PROTECTED], 
    [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: These bugs are already fixed
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: [EMAIL PROTECTED]

These bugs are already fixed.

cu,
Adrian

-- 
A "No" uttered from deepest conviction is better and greater than a
"Yes" merely uttered to please, or what is worse, to avoid trouble.
                -- Mahatma Gandhi
