Summary: | net-analyzer/ntop URL String Crashes ntop | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Brett <dashnu> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | VERIFIED WORKSFORME | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Other | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Brett
2006-06-05 12:26:23 UTC
taviso please advise
> Not sure if this is the right place for this. I found this via a nessus plugin.
it's the good place.
i'm running an old ntop-3.0 and i can't reproduce the crash.
> i'm running an old ntop-3.0 and i can't reproduce the crash.
same with 3.2-r1 :/
(~x86)
other tests ?
WFM as well, is this pre or post authentication? if it's pre-authentication, we might be interested in this as a local-DoS. If you can still reliably reproduce this, we will need more information to track it down, we need the output of `emerge info`, a gdb backtrace and preferably valgrind memcheck output. If you're not familiar with gdb, all you need to do is re install ntop with debugging symbols, eg FEATURES="nostrip" CFLAGS="-ggdb3 -O0" emerge ntop, then run ntop under gdb, eg: $ gdb ntop (gdb) r then make it crash, then send us the output of the following commands: bt x/i $pc info registers I may have jumped the gun on this one guys. I apologize for the inconvenience. I got a little excited once nessus showed me this error. However what really happens is ntop recognizes the bad URL string and denies login for that ip address for X number of minutes or until the daemon is restarted. Sorry again.... <snip> Mon Jul 31 07:56:35 2006 **ERROR** URL security: '/%%%%%%%%%%%%%20' rejected (code=1)(client=192.168.1.76) Mon Jul 31 07:56:35 2006 **ERROR** Rejected request from address 192.168.1.76 (it previously sent ntop a bad request) </snip> |