Uploaded ntop 1.2a7-11 (sparc) to ftp-master
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.6
Date: Wed, 23 Aug 2000 23:33:31 -0700
Source: ntop
Binary: ntop
Architecture: sparc
Version: 1.2a7-11
Distribution: unstable
Urgency: high
Maintainer: Debian/SPARC Build Daemon <buildd@xia03.kachinatech.com>
Description:
ntop - display network usage in top-like format
Closes: 69842
Changes:
ntop (1.2a7-11) stable unstable; urgency=high
.
* GRAVE security hole, install immediately!
* Ntop, when run in web mode, as root (this is typical use), can be
remotely exploited to gain root access. Disabled web mode. Preinst now
kills all ntop processes running in web mode.
* This is also exploitable if ntop is made suid/sgid -- allows local
users to obtain root. Ntop is not shipped this way, but suidregister
could be used by the admin to make it suid. The preinst now removes all
such bits, and suidregister can no longer control the program's
permissions. Also added a README.Debian about this.
* Reference: http://lwn.net/2000/0824/a/fb-ntop.php3
* Recommendation: Ntop currently has no maintainer in Debian, and seems
to be full of security holes. After a reasonable period to allow
current installations to be updated to this version, it is my opinion
it should be removed from unstable.
* Closes: #69842.
Files:
f37ee1c74fba68f6b02257ef05237c3a 215448 net optional ntop_1.2a7-11_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Ben Collins <bcollins@debian.org>
iD8DBQE5pbO6fNc/ZB4E7C0RAsoyAJ9VEvwAzaO5jDU7tyBI9g+e0kTXggCcDQLf
KcWtn6DBr3HUEVlE2Vd9pXs=
=uBKh
-----END PGP SIGNATURE-----