Bugtraq mailing list archives
Re: Security Advisory - ntop local buffer overflow vulnerability
From: BAILLEUX Christophe <cb () GROLIER FR>
Date: Wed, 25 Oct 2000 11:18:24 +0200
Hi,

Just a little detail :)

The vulnerable packages are ntop-1.1-1.rdh6.i386.rpm and ntop-1.1-1.i386.rpm.

The package provided and recommended by the redhat team and used with redhat 6.2 is ntop-1.1-5.i386.rpm.

ftp://rpmfind.net/linux/powertools/6.2/i386/i386/ntop-1.1-5.i386.rpm

If you use the vulnerable package, do this:

    rpm -Uvh ntop-1.1-5.i386.rpm

This package is not installed with the root suid bit.

regards,

--
BAILLEUX Christophe - Network & System Security Engineer
Grolier Interactive Europe-OG/CS
Voice:+33-(0)1-5545-4789 - mailto:cb () grolier fr
IV. Exploit (See Attachment)

Tested on redhat 6.2 (Zoot) where ntop is installed by default with the bit setuid root

    [cb@nux cb]$ cat /etc/redhat-release
    Red Hat Linux release 6.2 (Zoot)
    [cb@nux cb]$ rpm -qf /sbin/ntop
    ntop-1.1-1
    [cb@nux cb]$ id
    uid=535(cb) gid=535(cb) groups=535(cb)
    [cb@nux cb]$ ./expl
    ntop v.1.1 MT [i586-pc-linux-gnu] listening on ..............................
    Host Act -Rcvd- Sent TCP UDP ICMP
    bash#
    bash# id
    uid=0(root) gid=535(cb) egid=3(sys) groups=535(cb)
    bash# exit
    [cb@nux cb]$

Greetings to kalou, Bdev, cleb, dv, PullthePlug Community and all I forget.

Thanks Teuk for letting me use his server, to do and test the ntop redhat 6.2 exploit :)

Regards,
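
The check the message above implies (which package owns /sbin/ntop, and whether the binary is still setuid root) can be scripted. This is an added example, not part of the original posts; the path and package names are the ones quoted in the thread, and the function names classify_suid, classify_pkg and audit_ntop are made up here.

```shell
#!/bin/sh
# Added example: audit an ntop install against the details given in the thread.

# Print one of: missing | not-setuid | setuid-root | setuid-uid<N>
classify_suid() {
    if [ ! -e "$1" ]; then echo missing; return 0; fi
    if [ ! -u "$1" ]; then echo not-setuid; return 0; fi
    # Numeric owner is field 3 of `ls -ldn` (portable, no GNU stat needed).
    owner=$(ls -ldn "$1" | awk '{print $3}')
    if [ "$owner" = 0 ]; then echo setuid-root; else echo "setuid-uid$owner"; fi
}

# Map an `rpm -qf` answer to what the post says about that package.
# The trailing ".*" alternatives accept a release suffix or an appended arch.
classify_pkg() {
    case "$1" in
        ntop-1.1-1|ntop-1.1-1.*) echo vulnerable-per-post ;;
        ntop-1.1-5|ntop-1.1-5.*) echo recommended-per-post ;;
        *)                       echo not-covered-by-post ;;
    esac
}

# Report mode and owning package; return 1 only for a root-owned setuid binary.
audit_ntop() {
    bin=${1:-/sbin/ntop}
    mode=$(classify_suid "$bin")
    echo "$bin: $mode"
    if [ "$mode" != missing ] && command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf "$bin" 2>/dev/null) || pkg=unowned
        echo "package: $pkg ($(classify_pkg "$pkg"))"
    fi
    [ "$mode" != setuid-root ]
}

audit_ntop "${1:-/sbin/ntop}" || echo "ACTION: upgrade the package or clear the setuid bit"
```
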