RE: segfault in ntop

[Craig Humphrey <Craig.Humphrey () ChapmanTripp com>]

I think this was fixed recently as it doesn't happen in my v.2.0.99 build
(from a recent cvs).


> -----Original Message-----
> From: JP [mailto:px () negative zeroday net]
> Sent: Thursday, 18 April 2002 5:13 AM
> To: bugtraq () securityfocus com
> Subject: segfault in ntop
>
>
> I'm sorry if this has already been discussed on here before, 
> but I went
> through the thread and saw nothing on it.
>
> I was able to remotley segfault ntop v.2.0.0 using Netscape 
> 6.1 by simply
> specifying a command in the url location bar.  For example:
>
> http://ntop.site.com:port/`ls`
>
> That above command will cause ntop to segfault and core dump. 
>  I tried a
> few different commands, ls and su segfaulted ntop, whereas 
> everything else
> I tried gave a 403 error, but ntop stayed online.
>
> Here's information about my ntop platform:
>
> Mandrake Linux v8.1 kernel 2.4.8-26mdk
> ntop v.2.0.0 MT [i686-pc-linux-gnu] (01/24/02 03:04:18 PM build)
>
> I was able to segfault ntop from the following platforms:
>
> Mandrake Linux v8.1 kernel 2.4.8-26mdk with Netscape v6.1
> (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) 
> Gecko/20010726 Netscape6/6.1)
>
> Mandrake Linux v8.1 kernel 2.4.8-26mdk with Opera 5.0 for 
> Linux - 20010510 Build 024 -[5]
>
> Windows 2000 Server 5.00.2195 SP2 with Netscape v6.2.2
> (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4.1)
> Gecko/20020314 Netscape6/6.2.2)
>
> I was unable to duplicate this segfault with the following browsers:
>
> Internet Explorer v6.0.2600.0000
> Konqueror v2.2.1
>
> I did not test any other platforms or browsers than the ones 
> listed here.
> I have notified ntop and haven't received a response yet.
>
> Thanks,
>
> jason