ntop Server Vulnerability
Impact
A vulnerability in the ntop server allows read access to
any file on the system. An attacker could gain access
to the system by cracking the password or shadow file.
Background
ntop is a utility which provides
information on network usage. It can be used
interactively, or it can run as a daemon on a selected
TCP port (3000 by default). If it is running as
a daemon, ntop can be used from
a remote web browser.
The Problems
When ntop runs as a daemon, it does
not validate pathnames supplied by the user. Therefore,
a user can view any file on the system by supplying
a pathname including the ../ sequence.
Arbitrary files can be viewed by supplying a pathname
relative to the ntop web root directory.
Resolutions
Do not run ntop as a daemon. To disable
daemon mode, remove the -w option from
ntop in the boot-up scripts. ntop
can still be used safely in interactive mode.
Where can I read more about this?
This vulnerability was posted to
Bugtraq.