Re: Security Advisory - ntop local buffer overflow vulnerability

[BAILLEUX Christophe <cb () GROLIER FR>]

Hi,

Just a little detail :)
The vulnerable packages are ntop-1.1-1.rdh6.i386.rpm and
ntop-1.1-1.i386.rpm.
The package provided and recommended by the readhat team and used
with redhat 6.2 is ntop-1.1-5.i386.rpm.


ftp://rpmfind.net/linux/powertools/6.2/i386/i386/ntop-1.1-5.i386.rpm


If you use the vulnerable package do it:

rpm -Uvh ntop-1.1-5.i386.rpm.

This package is not installed with the root suid bit.

regards,


--
BAILLEUX Christophe - Network & System Security Engineer
Grolier Interactive Europe-OG/CS
Voice:+33-(0)1-5545-4789 - mailto:cb () grolier fr

> IV.     Exploit (See Attachment)
>
>
> Tested on redhat 6.2 (Zoot) where ntop is installed by default with the
> bit setuid root
>
>
> [cb@nux cb]$ cat /etc/redhat-release
> Red Hat Linux release 6.2 (Zoot)
> [cb@nux cb]$ rpm -qf /sbin/ntop
> ntop-1.1-1
> [cb@nux cb]$ id
> uid=535(cb) gid=535(cb) groups=535(cb)
> [cb@nux cb]$ ./expl
>
> ntop v.1.1 MT [i586-pc-linux-gnu] listening on
> ..............................
>
> Host        Act   -Rcvd-      Sent    TCP   UDP ICMP
> bash#
> bash# id
> uid=0(root) gid=535(cb) egid=3(sys) groups=535(cb)
> bash# exit
> [cb@nux cb]$
>
>
>
> Greetings to kalou, Bdev, cleb, dv, PullthePlug Community and all i
> forget.
> Thanks Teuk for leating me use his server, for do and test ntop redhat
> 6.2 exploit :)
>
> Regards,