ntop -i Option Local Overflow

2000-10-24T00:00:00
ID OSVDB:6513
Type osvdb
Reporter Christophe BAILLEUX(cb@grolier fr)
Modified 2000-10-24T00:00:00

Description

Vulnerability Description

A local overflow exists in ntop. The program fails to check the bounds of input supplied to the "-i" argument resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with elevated privileges resulting in a loss of integrity.

Solution Description

Upgrade to version 2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in ntop. The program fails to check the bounds of input supplied to the "-i" argument resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with elevated privileges resulting in a loss of integrity.

References:

Vendor URL: http://www.ntop.org/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-10/0336.html ISS X-Force ID: 5429