SLUG Mailing List Archives

To: <slug@xxxxxxxxxxx>
Subject: RE: [SLUG] IP Accounting - ntop security problem
From: "Marty" <marty@xxxxxxxxxxxxx>
Date: Thu Aug 3 07:39:46 2000

> If you use the latest ntop from CVS it handles restarts without resetting
> the counters.  I've not had a segfault for a few months now.
>
> John Wiltshire


hehe, did you see bugtraq this morning? This is an excerpt from Hackerslab
(dubhe@xxxxxxxxxxxxxx)
______
If use 'ntop' in web mode, it's web root is "/etc/ntop/html".

It's web mode is not check URL path.

So if URL is "http://URL:port/../../shadow";, remote user will read all file.
______

Cheers,
Marty

Follow-Ups:
- RE: [SLUG] IP Accounting - ntop security problem
  - From: Marty

References:
- RE: [SLUG] IP Accounting
  - From: John Wiltshire

Messages sorted by: [ date | thread ]
Prev by Date: [SLUG] Installfest - Big Update !
Next by Date: RE: [SLUG] IP Accounting - ntop security problem
Previous by thread: RE: [SLUG] IP Accounting
Next by thread: RE: [SLUG] IP Accounting - ntop security problem

RE: [SLUG] IP Accounting - ntop security problem