ntop Server Vulnerability

Impact

A vulnerability in the web server that ntop provides when run as a daemon allows a remote user to read any file the ntop process can open. Because ntop normally runs as root, since it needs raw access to the network interface to capture packets, this includes /etc/passwd and /etc/shadow. An attacker could retrieve the password or shadow file, crack the hashes offline, and use the recovered passwords to gain access to the system.

Background

ntop is a utility which provides information on network usage. It can be used interactively, or it can run as a daemon on a selected TCP port (3000 by default). If it is running as a daemon, ntop can be used from a remote web browser.

The Problems

When ntop runs as a daemon, its built-in web server does not validate the pathname taken from the requested URL before opening the file. A request whose path contains ../ sequences therefore escapes the ntop web root directory, and the server returns whatever file the path resolves to. Any file the ntop process can read can be fetched this way by supplying a pathname that is nominally relative to the web root but climbs out of it with ../.
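
To make the flaw concrete, here is an added illustration that is not ntop's own code: a minimal resolver that maps a requested URL path onto a file under a web root, written first the unchecked way the advisory describes and then in a hardened form that confines every request to the web root. The web root location, the function names and the sample requests are assumptions for the example.

```python
"""Added example (not ntop's code): resolving a requested URL path against a
web root, first without any check, then confined to the web root.
The web root location below is an assumption for the illustration."""
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/usr/share/ntop/html"   # assumed path, not taken from ntop


def resolve_unchecked(web_root: str, url_path: str) -> str:
    """Vulnerable resolver: URL-decode the path, strip the leading slash and
    join it onto the web root.  Nothing stops '..' segments from walking
    above web_root, which is the behaviour the advisory describes."""
    rel = unquote(url_path).lstrip("/")
    return posixpath.normpath(posixpath.join(web_root, rel))


def resolve_confined(web_root: str, url_path: str) -> Optional[str]:
    """Hardened resolver: decode exactly once, reject NUL bytes (a C server
    would truncate the path there), normalise, and refuse any result whose
    longest common path with web_root is not web_root itself.  Returns
    None for a request that must not be served."""
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # commonpath() compares path components, so /var/www does not match
    # /var/wwwx; a plain string-prefix test would be fooled by that.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests: one legitimate, two traversal attempts (plain and
    # URL-encoded) and one NUL-byte attempt.
    requests = [
        "/index.html",
        "/../../../../etc/passwd",
        "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow",
        "/index.html%00.jpg",
    ]
    for req in requests:
        print(f"{req:45} unchecked -> {resolve_unchecked(WEB_ROOT, req)!r}")
        print(f"{'':45} confined  -> {resolve_confined(WEB_ROOT, req)!r}")
```

The check is on the resolved result, not on the presence of ".." in the request: a path such as /img/../index.html that ends up inside the web root is still served, while anything that resolves outside it, however it was encoded, is refused.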

Resolutions

Do not run ntop as a daemon. To disable daemon mode, remove the -w option (which starts the embedded web server) from the ntop invocation in the boot-up scripts and restart ntop, then confirm that nothing is listening on the web port (3000 by default). ntop can still be used safely in interactive mode, where no network service is exposed.

Where can I read more about this?

This vulnerability was posted to Bugtraq.