----- Forwarded message from [EMAIL PROTECTED] ----- > From: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > Date: Mon, 7 Aug 2000 14:29:06 -0700 > To: [EMAIL PROTECTED] > Subject: [Security] ntop remote file exploitability > > ---------------------------------------------------------------------------- > Debian Security Advisory [EMAIL PROTECTED] > http://www.debian.org/security/ Martin Schulze > August 7, 2000 > ---------------------------------------------------------------------------- > > Package: ntop > Vulnerability: remote file exploit > Debian-specific: no > Vulnerable: yes > > Using ntop to distribute network traffic through the network, > i.e. running ntop as webserver, it is possible to access arbitrary > files on the local filesystem. Since ntop runs as root uid, guess > what that means, even /etc/shadow got unsecured. > > Since ntop comes with its own simple web server this problem is not a > result of another webserver insecurity. > > Debian GNU/Linux 2.1 alias slink > -------------------------------- > > The "ntop" package is not a part of Debian 2.1. No fix is necessary. > > Debian 2.2 alias potato > ----------------------- > > This version of Debian is not yet released. Fixes are currently > available for Alpha, ARM, Intel ia32, Motorola 680x0, PowerPC and > the Sun Sparc architecture. > > Source archives: > > http://security.debian.org/dists/potato/updates/main/source/ntop_1.2a7-10.diff.gz > MD5 checksum: 8d39ab8c1d330ade898bf0ebf78b829f > http://security.debian.org/dists/potato/updates/main/source/ntop_1.2a7-10.dsc > MD5 checksum: 5259e2f5b4a191836dca47c3d354f4f0 > >http://security.debian.org/dists/potato/updates/main/source/ntop_1.2a7.orig.tar.gz > MD5 checksum: 9031a2001935b7a4882f8427f0edea15 > > Alpha architecture: > > >http://security.debian.org/dists/potato/updates/main/binary-alpha/ntop_1.2a7-10_alpha.deb > MD5 checksum: 517dbc9a62c246931dcd48e213bfbe3f > > ARM architecture: > > >http://security.debian.org/dists/potato/updates/main/binary-arm/ntop_1.2a7-10_arm.deb > MD5 checksum: bf0e6a3d630bb71b24f26457be93d362 > > Intel ia32 architecture: > > >http://security.debian.org/dists/potato/updates/main/binary-i386/ntop_1.2a7-10_i386.deb > MD5 checksum: 1da340aa9ef9131e17edb3f656c167e0 > > Motorola 680x0 architecture: > > >http://security.debian.org/dists/potato/updates/main/binary-m68k/ntop_1.2a7-10_m68k.deb > MD5 checksum: fcb78534a1dbaf29994e4a9e49909d96 > > PowerPC architecture: > > >http://security.debian.org/dists/potato/updates/main/binary-powerpc/ntop_1.2a7-10_powerpc.deb > MD5 checksum: b2322adefed307c07b243aeab0d3a41a > > Sun Sparc architecture: > > >http://security.debian.org/dists/potato/updates/main/binary-sparc/ntop_1.2a7-10_sparc.deb > MD5 checksum: 0b5b46223a907dfd931d59d8025e73e9 > > Debian Unstable alias woody > --------------------------- > > This version of Debian is not yet released and reflects the current > development release. Fixes are the same as for potato. > > > ---------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable updates > For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates > Mailing list: [EMAIL PROTECTED] > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > ----- End forwarded message ----- -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
