ntop Server Vulnerability

CVE-2000-0705
CVE-2000-0706

Impact

A vulnerability in the ntop server allows read access to any file on the system. A separate vulnerability could allow an attacker to execute arbitrary commands by exploiting a buffer overflow condition.

Background

ntop is a utility which provides information on network usage. It can be used interactively, or it can run as a daemon on a selected TCP port (3000 by default). If it is running as a daemon, ntop can be used from a remote web browser.

The Problems

CVE-2000-0705
When ntop runs as a daemon, it does not validate pathnames supplied by the user. A requested pathname is resolved relative to the ntop web root directory, so a pathname that includes the ../ sequence steps out of that directory and lets a user view any file on the system.
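
The missing check can be illustrated with a short C routine. This is an added example, not code from ntop or from the advisory: path_is_safe and url_decode are hypothetical names, and the routine assumes the server maps the request path onto a single web root directory.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes in place. Returns -1 on a malformed escape or an
 * encoded NUL byte, both of which a file server should refuse outright. */
static int url_decode(char *s)
{
    char *out = s;
    for (; *s; s++) {
        if (*s != '%') { *out++ = *s; continue; }
        if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
            return -1;
        char hex[3] = { s[1], s[2], '\0' };
        long v = strtol(hex, NULL, 16);
        if (v == 0) return -1;
        *out++ = (char)v;
        s += 2;
    }
    *out = '\0';
    return 0;
}

/* Hypothetical helper: 1 if request_path stays inside the web root, else 0.
 * Purely lexical; symbolic links still need a realpath() check before open(). */
int path_is_safe(const char *request_path)
{
    char buf[1024];
    int depth = 0;                      /* directory levels below the web root */
    if (strlen(request_path) >= sizeof buf) return 0;
    strcpy(buf, request_path);
    if (url_decode(buf) != 0) return 0; /* decode first, then inspect segments */
    for (char *p = buf; *p; ) {
        while (*p == '/') p++;          /* skip empty segments such as "//" */
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0) return 0;  /* ".." would climb above the root */
        } else if (n > 0 && !(n == 1 && p[0] == '.')) {
            depth++;                    /* ordinary name: one level deeper */
        }
        p += n;
    }
    return 1;
}
```

Decoding before the segment walk matters: a check that looks for ../ in the raw request misses the same sequence written with percent escapes.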

CVE-2000-0706
There is also a buffer overflow condition in the ntop daemon which could allow an attacker to execute arbitrary commands at the privilege level of the user running ntop.

Resolutions

Do not run ntop as a daemon. To disable daemon mode, remove the -w option from the ntop command in the boot-up scripts. ntop can still be used safely in interactive mode.

Where can I read more about this?

The first vulnerability was posted to Bugtraq. The second was discussed in an advisory from Debian.