Bug 518264 (CVE-2009-2732)
Summary: | CVE-2009-2732 ntop: NULL pointer dereference by HTTP Basic Authentication (DoS) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | pvrabec, rakesh.pandit, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.securityfocus.com/archive/1/505876/30/0/threaded | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-08-22 15:32:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Lieskovsky
2009-08-19 17:00:58 UTC
MITRE's CVE-2009-2732 record: ----------------------------- The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. References: ----------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2732 http://www.securityfocus.com/archive/1/archive/1/505876/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/505862/100/0/threaded http://secunia.com/advisories/36403 http://www.vupen.com/english/advisories/2009/2317 Hello Rakesh, Peter, any progress while scheduling Fedora 10, 11 updates addressing this issue? Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team Hello Jan, I am not able to reproduce it on F10 nor F11 system with ntop-3.3.8-3.fc10.i386 and ntop-3.3.9-5.fc11.x86_64 resp. :( Will check with few other test boxes around. Unfortunately I was not able to reproduce the issue on any of my boxes. Still I have patched it up without testing. SRPM: http://rakesh.fedorapeople.org/misc/ntop-3.3.10-3.fc12.src.rpm rawhide RPM x86_64: http://rakesh.fedorapeople.org/misc/ntop-3.3.10-3.fc12.x86_64.rpm F11 build : http://koji.fedoraproject.org/koji/taskinfo?taskID=1674621 It would be great if you can check whether this fix works ? Regards, Rakesh Pandit ntop-3.3.10-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/ntop-3.3.10-2.fc11 Note: EL-5 version is not affected |