Debian Security Advisory: Package: ntopAug 08, 2000, 08:08 (0 Talkback[s])
(Other stories by Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Debian Security Advisory firstname.lastname@example.org http://www.debian.org/security/ Martin Schulze August 7, 2000
Package: ntop Vulnerability: remote file exploit Debian-specific: no Vulnerable: yesUsing ntop to distribute network traffic through the network, i.e. running ntop as webserver, it is possible to access arbitrary files on the local filesystem. Since ntop runs as root uid, guess what that means, even /etc/shadow got unsecured.
Since ntop comes with its own simple web server this problem is not a result of another webserver insecurity.
Debian GNU/Linux 2.1 alias slink
The "ntop" package is not a part of Debian 2.1. No fix is necessary.
Debian 2.2 alias potato
This version of Debian is not yet released. Fixes are currently available for Alpha, ARM, Intel ia32, Motorola 680x0, PowerPC and the Sun Sparc architecture.
Intel ia32 architecture:
Motorola 680x0 architecture:
Sun Sparc architecture:
Debian Unstable alias woody
This version of Debian is not yet released and reflects the current development release. Fixes are the same as for potato.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5jyi+W5ql+IAeqTIRAiFGAJ9EtloI2O+JOx9RE47TZ3bMv9meEQCcDjsk DVwsZ/8wxXl5yzPch/efuMA= =mon4 -----END PGP SIGNATURE-----