[ebuild R ] net-analyzer/ntop-3.2-r1 -ipv6 -nls -snmp +ssl -tcpd +zlib 0 kB http://domain.net:3000/GET%20/%%%20HTTP/1.0 will crash ntop. Leaving you at an error page and failure to connect. Not sure if this is the right place for this. I found this via a nessus plugin.
taviso please advise
> Not sure if this is the right place for this. I found this via a nessus plugin. it's the good place. i'm running an old ntop-3.0 and i can't reproduce the crash.
> i'm running an old ntop-3.0 and i can't reproduce the crash. same with 3.2-r1 :/ (~x86) other tests ?
WFM as well, is this pre or post authentication? if it's pre-authentication, we might be interested in this as a local-DoS. If you can still reliably reproduce this, we will need more information to track it down, we need the output of `emerge info`, a gdb backtrace and preferably valgrind memcheck output. If you're not familiar with gdb, all you need to do is re install ntop with debugging symbols, eg FEATURES="nostrip" CFLAGS="-ggdb3 -O0" emerge ntop, then run ntop under gdb, eg: $ gdb ntop (gdb) r then make it crash, then send us the output of the following commands: bt x/i $pc info registers
I may have jumped the gun on this one guys. I apologize for the inconvenience. I got a little excited once nessus showed me this error. However what really happens is ntop recognizes the bad URL string and denies login for that ip address for X number of minutes or until the daemon is restarted. Sorry again.... <snip> Mon Jul 31 07:56:35 2006 **ERROR** URL security: '/%%%%%%%%%%%%%20' rejected (code=1)(client=192.168.1.76) Mon Jul 31 07:56:35 2006 **ERROR** Rejected request from address 192.168.1.76 (it previously sent ntop a bad request) </snip>
