Bug 135669 - net-analyzer/ntop URL String Crashes ntop
Status: VERIFIED WORKSFORME
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing
Hardware: x86 Other
Importance: High normal
Assignee: Gentoo Security
Reported: 2006-06-05 12:26 UTC by Brett
Modified: 2006-07-31 04:59 UTC
Description Brett 2006-06-05 12:26:23 UTC
[ebuild R ] net-analyzer/ntop-3.2-r1 -ipv6 -nls -snmp +ssl -tcpd +zlib 0 kB 

http://domain.net:3000/GET%20/%%%20HTTP/1.0

will crash ntop, leaving you at an error page and a failure to connect.

Not sure if this is the right place for this. I found this via a nessus plugin.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-06 01:58:16 UTC
taviso please advise
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-07-06 15:28:58 UTC
> Not sure if this is the right place for this. I found this via a nessus plugin.

It's the good place.

I'm running an old ntop-3.0 and I can't reproduce the crash.

Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-07-07 00:53:29 UTC
> I'm running an old ntop-3.0 and I can't reproduce the crash.

Same with 3.2-r1  :/
(~x86)

Other tests?
Comment 4 Tavis Ormandy (RETIRED) gentoo-dev 2006-07-30 09:13:16 UTC
WFM as well; is this pre- or post-authentication? If it's pre-authentication, we might be interested in this as a local-DoS.

If you can still reliably reproduce this, we will need more information to track it down. We need the output of `emerge info`, a gdb backtrace and preferably valgrind memcheck output.

If you're not familiar with gdb, all you need to do is reinstall ntop with debugging symbols, e.g. `FEATURES="nostrip" CFLAGS="-ggdb3 -O0" emerge ntop`, then run ntop under gdb, e.g.:

$ gdb ntop
(gdb) r

then make it crash, then send us the output of the following commands:

bt
x/i $pc
info registers

Comment 5 Brett 2006-07-31 04:59:31 UTC
I may have jumped the gun on this one guys. I apologize for the inconvenience. 

I got a little excited once nessus showed me this error. However, what really happens is ntop recognizes the bad URL string and denies login for that IP address for X number of minutes or until the daemon is restarted.

Sorry again....

<snip>
Mon Jul 31 07:56:35 2006  **ERROR** URL security: '/%%%%%%%%%%%%%20' rejected (code=1)(client=192.168.1.76)
Mon Jul 31 07:56:35 2006  **ERROR** Rejected request from address 192.168.1.76 (it previously sent ntop a bad request)
</snip>
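
Added example (not part of the bug report and not ntop's own code): a short Python script that scans an ntop log for the two message formats quoted in comment 5 and lists the clients ntop is refusing after a rejected URL, which helps tell a scanner-reported "crash" from a lockout of the scanning host. The regular expressions are inferred only from those two log lines; the third sample line and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two lines quoted in comment 5, plus one constructed
# repeat of the second message to show a later refused request.
SAMPLE_LOG = """\
Mon Jul 31 07:56:35 2006  **ERROR** URL security: '/%%%%%%%%%%%%%20' rejected (code=1)(client=192.168.1.76)
Mon Jul 31 07:56:35 2006  **ERROR** Rejected request from address 192.168.1.76 (it previously sent ntop a bad request)
Mon Jul 31 07:57:02 2006  **ERROR** Rejected request from address 192.168.1.76 (it previously sent ntop a bad request)
"""

# Patterns inferred from the log lines above (assumption: other ntop
# versions may word these messages differently).
URL_REJECT = re.compile(
    r"\*\*ERROR\*\* URL security: '(?P<url>.*)' rejected "
    r"\(code=(?P<code>\d+)\)\(client=(?P<client>[^)]+)\)")
FOLLOW_UP = re.compile(
    r"\*\*ERROR\*\* Rejected request from address (?P<client>\S+) "
    r"\(it previously sent ntop a bad request\)")


def summarize(log_text):
    """Return {client: {"bad_urls": [(url, code), ...], "refused": count}}."""
    clients = defaultdict(lambda: {"bad_urls": [], "refused": 0})
    for line in log_text.splitlines():
        m = URL_REJECT.search(line)
        if m:
            clients[m["client"]]["bad_urls"].append((m["url"], int(m["code"])))
            continue
        m = FOLLOW_UP.search(line)
        if m:
            clients[m["client"]]["refused"] += 1
    return dict(clients)


def locked_out(log_text):
    """Clients refused at least once after sending a rejected URL."""
    return sorted(client for client, stats in summarize(log_text).items()
                  if stats["bad_urls"] and stats["refused"])


if __name__ == "__main__":
    for client, stats in summarize(SAMPLE_LOG).items():
        print(client, stats)
    print("locked out:", locked_out(SAMPLE_LOG))
```

If the scanner's address appears in the `locked_out` result, its "failure to connect" is explained by ntop refusing that client rather than by the daemon having crashed.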