Debian Security Advisory
ntop -- Still remotely exploitable using buffer overflows
- Date Reported:
- 30 Aug 2000
- Affected Packages:
- ntop
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0706.
- More information:
- The updated version of ntop (1.2a7-10) that was released on August 5 was found to still be insecure: it remained exploitable through buffer overflows, which made it possible to run arbitrary code as the user who ran ntop in web mode.
To fix these problems permanently, an updated package has been released that disables web mode completely. The version of this fix is 1.2a7-11.
We recommend you upgrade or remove your ntop package immediately.
- Fixed in:
- Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/ntop_1.2a7-11.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/ntop_1.2a7-11.dsc
- http://security.debian.org/dists/stable/updates/main/source/ntop_1.2a7.orig.tar.gz
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/ntop_1.2a7-11_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/ntop_1.2a7-11_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/ntop_1.2a7-11_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/ntop_1.2a7-11_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/ntop_1.2a7-11_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/ntop_1.2a7-11_sparc.deb