|
| Current Newswire:
Debian Security Advisory: Package: ntopAug 08, 2000, 08:08 (0 Talkback[s])(Other stories by Martin Schulze) -----BEGIN PGP SIGNED MESSAGE----- Debian Security Advisory security@debian.org http://www.debian.org/security/ Martin Schulze August 7, 2000 Package: ntop Vulnerability: remote file exploit Debian-specific: no Vulnerable: yesUsing ntop to distribute network traffic through the network, i.e. running ntop as webserver, it is possible to access arbitrary files on the local filesystem. Since ntop runs as root uid, guess what that means, even /etc/shadow got unsecured. Since ntop comes with its own simple web server this problem is not a result of another webserver insecurity. Debian GNU/Linux 2.1 alias slink The "ntop" package is not a part of Debian 2.1. No fix is necessary. Debian 2.2 alias potato This version of Debian is not yet released. Fixes are currently available for Alpha, ARM, Intel ia32, Motorola 680x0, PowerPC and the Sun Sparc architecture. Source archives: Alpha architecture: ARM architecture: Intel ia32 architecture: Motorola 680x0 architecture: PowerPC architecture: Sun Sparc architecture: Debian Unstable alias woody This version of Debian is not yet released and reflects the current development release. Fixes are the same as for potato. For apt-get: deb http://security.debian.org/
stable updates -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5jyi+W5ql+IAeqTIRAiFGAJ9EtloI2O+JOx9RE47TZ3bMv9meEQCcDjsk DVwsZ/8wxXl5yzPch/efuMA= =mon4 -----END PGP SIGNATURE----- |