Vigil@nce: ntop, altering the log file
April 2009 by Vigil@nce
A local attacker can alter the log file created by ntop.
– Severity: 1/4
– Consequences: data creation/edition
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 21/04/2009
IMPACTED PRODUCTS
– Fedora
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The ntop program displays network statistics. The
—access-log-file option indicates the name of the log file to use
when ntop runs as a daemon.
The initAccessLog() function of the http.c file creates this file
with the mode 0666, which means without restricting the mask.
A local attacker can therefore alter the log file if it is created
in a directory where he can access.
CHARACTERISTICS
– Identifiers: BID-34597, FEDORA-2009-2805, VIGILANCE-VUL-8656
– Url: http://vigilance.fr/vulnerability/ntop-altering-the-log-file-8656
To change your email preferences (frequency, severity threshold, format):
https://vigilance.fr/?action=2041549901&langue=2