[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Uploaded ntop 1.2a7-11 (m68k) to erlangen



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.6
Date: Wed, 23 Aug 2000 23:33:31 -0700
Source: ntop
Binary: ntop
Architecture: m68k
Version: 1.2a7-11
Distribution: stable unstable
Urgency: high
Maintainer: Debian/m68k Build Daemon <buildd@kullervo.informatik.uni-erlangen.de>
Description: 
 ntop       - display network usage in top-like format
Closes: 69842
Changes: 
 ntop (1.2a7-11) stable unstable; urgency=high
 .
   * GRAVE security hole, install immediatly!
   * Ntop, when run in web mode, as root (this is typical use), can be
     remotely exploited to gain root access. Disabled web mode. Preinst now
     kills all ntop processes running in web mode.
   * This is also exploitable if ntop is made suid/sgid -- allows local
     users to obtain root. Ntop is not shipped this way, but suigregister
     could be used by the admin to make it suid. The preinst now removes all
     such bits, and suidregister can no longer control the program's
     permissions. Also added a README.Debian about this.
   * Reference: http://lwn.net/2000/0824/a/fb-ntop.php3
   * Recommendation: Ntop currently has no maintainer in debian, and seems
     to be full of security holes. After a reasonable period to allow
     current installations to be updated to this version, it is my opinion
     it should be removed from unstable.
   * Closes: #69842.
Files: 
 f7a59747670500f5fc4d93412d43999d 196256 net optional ntop_1.2a7-11_m68k.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>

iEYEARECAAYFAjmmOuEACgkQcS3JWD3FdvcTZwCcDIUFtJ0XDFFZetXT7Cc4uIqE
Hc8AnRAvxMpFFdxKJWIKDWC6wF6Bwkyo
=b/iC
-----END PGP SIGNATURE-----



Reply to: