[17341] in bugtraq


Re: Security Advisory - ntop local buffer overflow vulnerability

daemon@ATHENA.MIT.EDU (BAILLEUX Christophe)
Wed Oct 25 13:27:57 2000

Message-ID:  <Pine.LNX.4.21.0010251039340.375-100000@tshaw.grolier.fr>
Date:         Wed, 25 Oct 2000 11:18:24 +0200
Reply-To: BAILLEUX Christophe <cb@GROLIER.FR>
From: BAILLEUX Christophe <cb@GROLIER.FR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0010241330280.12507-200000@tshaw.grolier.fr>

Hi,

Just a little detail :)
The vulnerable packages are ntop-1.1-1.rdh6.i386.rpm and
ntop-1.1-1.i386.rpm.
The package provided and recommended by the Red Hat team and used
with Red Hat 6.2 is ntop-1.1-5.i386.rpm.


ftp://rpmfind.net/linux/powertools/6.2/i386/i386/ntop-1.1-5.i386.rpm


If you use the vulnerable package, do this:

rpm -Uvh ntop-1.1-5.i386.rpm

This package is not installed with the root suid bit.

regards,


--
BAILLEUX Christophe - Network & System Security Engineer
Grolier Interactive Europe-OG/CS
Voice:+33-(0)1-5545-4789 - mailto:cb@grolier.fr

> IV.     Exploit (See Attachment)
>
>
> Tested on redhat 6.2 (Zoot) where ntop is installed by default with the
> setuid root bit
>
>
> [cb@nux cb]$ cat /etc/redhat-release
> Red Hat Linux release 6.2 (Zoot)
> [cb@nux cb]$ rpm -qf /sbin/ntop
> ntop-1.1-1
> [cb@nux cb]$ id
> uid=535(cb) gid=535(cb) groups=535(cb)
> [cb@nux cb]$ ./expl
>
> ntop v.1.1 MT [i586-pc-linux-gnu] listening on
> ..............................
>
> Host        Act   -Rcvd-      Sent    TCP   UDP ICMP
> bash#
> bash# id
> uid=0(root) gid=535(cb) egid=3(sys) groups=535(cb)
> bash# exit
> [cb@nux cb]$
>
>
>
> Greetings to kalou, Bdev, cleb, dv, PullthePlug Community and all I
> forget.
> Thanks Teuk for letting me use his server to do and test the ntop redhat
> 6.2 exploit :)
>
> Regards,
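
An added example, not part of the original message: a shell audit that classifies the installed ntop package by the release strings named above and reports whether the binary is setuid root. The function names are hypothetical, and the "recommended" label only reflects what the message says about ntop-1.1-5.

```shell
#!/bin/sh
# Added audit helper. Package names and /sbin/ntop come from the message;
# the function names are hypothetical.

# Classify the name-version-release string printed by `rpm -qf /sbin/ntop`.
# A trailing ".<suffix>" (for example .rdh6 or .i386) is tolerated.
ntop_pkg_status() {
    case "$1" in
        ntop-1.1-1|ntop-1.1-1.*) echo vulnerable ;;   # named as vulnerable
        ntop-1.1-5|ntop-1.1-5.*) echo recommended ;;  # shipped without setuid root
        ntop-*)                  echo unknown ;;      # release not covered here
        *)                       echo unpackaged ;;   # no rpm owns the file
    esac
}

# Print the numeric owner uid if the file has the setuid bit; fail otherwise.
setuid_owner_uid() {
    [ -u "$1" ] || return 1
    ls -ldn -- "$1" | awk '{print $3}'
}

# Report on one binary; returns non-zero when it needs attention.
# Call as: audit_ntop /sbin/ntop
audit_ntop() {
    bin=${1:-/sbin/ntop}
    if [ ! -e "$bin" ]; then
        echo "$bin: not present"
        return 0
    fi
    pkg=$(rpm -qf "$bin" 2>/dev/null || true)
    status=$(ntop_pkg_status "$pkg")
    if uid=$(setuid_owner_uid "$bin") && [ "$uid" = 0 ]; then
        suid=yes
    else
        suid=no
    fi
    echo "$bin: status=$status setuid_root=$suid"
    [ "$status" != vulnerable ] && [ "$suid" = no ]
}
```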
