Red Hat Powertools 6.2 RHSA-2000:049-02 critical flaw in ntop access
Summary
If ntop is run with the Web interface, it allows any user to connect and access all files on the host machine.
Solution
For the Alpha architecture please remove ntop by running:
rpm -e ntop
For Sparc and i386 run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed ( for more info):
N/A
6. RPMs required:
Red Hat Powertools 6.2:
sparc:
i386:
sources:
7. Verification:
MD5 sum Package Name
8620607a310e28385cfc4961b3c909a9 6.2/SRPMS/ntop-1.3.1-1.src.rpm
188636458d73d66ea6e7d61aec64fc5b 6.2/i386/ntop-1.3.1-1.i386.rpm
e6415fc286119023f321ce7e5bdbfce9 6.2/sparc/ntop-1.3.1-1.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
You can verify each package with the following command:
rpm --checksig [filename]
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg [filename]
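The MD5 list above can also be compared directly against downloaded files. The following is an added example, not part of the Red Hat advisory: it parses the "MD5 sum / Package Name" lines and reports each package as ok, mismatch or missing. The function names and the download directory argument are assumptions, and it covers only the digest comparison, not the GPG signature check done by rpm --checksig.

```python
import hashlib
import re
import sys
from pathlib import Path

# Manifest lines copied from the advisory's Verification section.
ADVISORY_MANIFEST = """\
8620607a310e28385cfc4961b3c909a9 6.2/SRPMS/ntop-1.3.1-1.src.rpm
188636458d73d66ea6e7d61aec64fc5b 6.2/i386/ntop-1.3.1-1.i386.rpm
e6415fc286119023f321ce7e5bdbfce9 6.2/sparc/ntop-1.3.1-1.sparc.rpm
"""

# A manifest line is a 32-digit hex MD5 followed by a package path.
LINE_RE = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+)$")


def parse_manifest(text):
    """Return {package file name: lowercase MD5 hex} from manifest text."""
    expected = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:  # header and blank lines do not match and are skipped
            expected[Path(match.group(2)).name] = match.group(1).lower()
    return expected


def md5_of(path, chunk=1 << 16):
    """Compute the MD5 of a file without loading it into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_downloads(manifest_text, download_dir):
    """Map each listed package to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, want in parse_manifest(manifest_text).items():
        path = Path(download_dir) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == want else "mismatch"
    return results


if __name__ == "__main__":
    # Hypothetical usage: pass the directory holding the downloaded RPMs.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in check_downloads(ADVISORY_MANIFEST, target).items():
        print(f"{status:9} {name}")
```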
References
N/A
Copyright(c) 2000 Red Hat, Inc.
Package List
Topic
The version of ntop which was included in Red Hat Powertools 6.2 has a
remote exploit in which arbitrary files can be read on the host machine.
Relevant Releases Architectures
Red Hat Powertools 6.2 - i386, alpha, sparc
Bugs Fixed