Bugtraq mailing list archives
Re: Mrtg Path Disclosure Vulnerability
From: Dave Ahmad <da () securityfocus com>
Date: Mon, 4 Feb 2002 10:56:28 -0700 (MST)
Barney, You're correct.. 'mrtg.cgi' is not part of MRTG. It's from a completely indepedent utility called 'mrtgconfig'. The project homepage is: http://mrtgconfig.sourceforge.net/ The path disclosure issue (version 0.5.9): [dma@victim mrtgconfig]$ /home/dma/mtrg/mrtgconfig/mrtg.cgi (offline mode: enter name=value pairs on standard input) cfg Content-type: text/html <H1>Software error:</H1> <CODE>Can't open configuration file for mrtgconfig: No such file or directory at /home/dma/mrtg/mrtgconfig/mrtg.cgi line 46, <STDIN> chunk 1. </CODE> <P> For help, please send mail to this site's webmaster, giving this error message and the time and date of the error. Dave Ahmad SecurityFocus www.securityfocus.com On Mon, 4 Feb 2002, Barney Wolff wrote:
Unless I'm terribly confused, mrtg only generates files and runs off cron, not as a cgi. So you're dealing with something other than mrtg itself. Also, the current version is 2.9.18pre1. Barney Wolff On Mon, Feb 04, 2002 at 02:18:54AM +0200, Tamer Sahin wrote:Summary: If an attacker submits a web request containing unexpected arguments for script variables, an error message will be displayed containing the path to the webroot directory of the server running the Mrtg cgi script. http://host/mrtg.cgi?cfg=blabla Tested: Mrtg v2.090011 Mrtg v2.090006 Vulnerable: Mrtg v2.090011 Mrtg v2.090006 And may be other.
Current thread:
- Mrtg Path Disclosure Vulnerability Tamer Sahin (Feb 04)
- Re: Mrtg Path Disclosure Vulnerability Barney Wolff (Feb 04)
- Re: Mrtg Path Disclosure Vulnerability Dave Ahmad (Feb 04)
- <Possible follow-ups>
- Re: Mrtg Path Disclosure Vulnerability Frog Man (Feb 04)
- Re: Mrtg Path Disclosure Vulnerability Jason Hicks (Feb 10)
- Re: Mrtg Path Disclosure Vulnerability Barney Wolff (Feb 04)