tion bug, an exploit for the existent '-i' option
> format string bug has never been posted/released.
It's worth noting that FreeBSD doesn't[1] install this suid/sgid so this
exploit isn't a problem if ntop was installed from ports/packages.
--
Bill Fumerola / [EMAIL PROTECTED
oo.com/help/us/skey/skey-12.html
Hopefully this addresses all concerns raised on this list.
--
Bill Fumerola / [EMAIL PROTECTED]
08/24 01:06:35; author: peter; state: Exp; lines: +0 -0
Import unmodified (but trimmed) ncurses 5.0 prerelease 990821.
This contains the full eti (panel, form, menu) extensions.
bmake glue to follow.
Obtained from: ftp://ftp.clark.net/pub/dickey/ncurses
--
Bill Fumerola - Network Architect
Compu
ich is contrary to what the other person said, who was "under the
> impression it was freebsd specific."
The above is a Linux panic, so it obviously works on non-FreeBSD machines.
It's a pity to attach FreeBSD to this exploit, as it obviously isn't specific
to just the FreeBSD
even think
you can change this.)
I'm not downplaying the stupidity of cgiproc, I'm just saying lets not
all run and turn our contivity switches off.
--
Bill Fumerola - Network Architect
Computer Horizons Corp - CVM
e-mail: [EMAIL PROTECTED] / [EMAIL PROTECTED]
Office: 800-252-2421 x128 / Cell: 248-761-7272
) or the web interface
or
(b) contacted [EMAIL PROTECTED]
or
(c) sent mail to the maintainer of the port
to provide some sort of fighting chance before mailing Bugtraq. I'm
a huge bugtraq/full-disclosure advocate, but I also believe in giving
a group a fighting chance to fix it first.
Tha
s to configure:
--with-user=operator --with-group=operator
I'll look into this, and I've cc:'d the maintainer of the port and the
FreeBSD security officer.
--
- bill fumerola - [EMAIL PROTECTED] - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - [EMAIL PROTECTED] - [EMAIL PROTECTED] -