Bug 518264 (CVE-2009-2732)

Summary: CVE-2009-2732 ntop: NULL pointer dereference by HTTP Basic Authentication (DoS)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: pvrabec, rakesh.pandit, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/archive/1/505876/30/0/threaded
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-22 15:32:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Lieskovsky 2009-08-19 17:00:58 UTC
A NULL pointer dereference flaw was found in the way Ntop used to process
Authorization HTTP header content by HTTP Basic Authentication. Remote 
attacker could issue a specially-crafted HTTP authentication request,
leading to a denial of service (ntop deamon crash).

References:
-----------
[1] http://bugs.gentoo.org/show_bug.cgi?id=281956
[2] http://www.securityfocus.com/archive/1/505876/30/0/threaded

Comment 2 Jan Lieskovsky 2009-08-21 09:01:56 UTC
MITRE's CVE-2009-2732 record:
-----------------------------

The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via an Authorization HTTP header that
lacks a : (colon) character in the base64-decoded string.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2732
http://www.securityfocus.com/archive/1/archive/1/505876/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/505862/100/0/threaded
http://secunia.com/advisories/36403
http://www.vupen.com/english/advisories/2009/2317

Comment 3 Jan Lieskovsky 2009-08-21 09:06:08 UTC
Hello Rakesh, Peter,

  any progress while scheduling Fedora 10, 11 updates addressing this
issue?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Comment 4 Rakesh Pandit 2009-08-23 04:55:17 UTC
Hello Jan,

I am not able to reproduce it on F10 nor F11 system with ntop-3.3.8-3.fc10.i386 and ntop-3.3.9-5.fc11.x86_64 resp. :(

Will check with few other test boxes around.

Comment 5 Rakesh Pandit 2009-09-13 10:07:26 UTC
Unfortunately I was not able to reproduce the issue on any of my boxes. Still I have patched it up without testing.

SRPM: http://rakesh.fedorapeople.org/misc/ntop-3.3.10-3.fc12.src.rpm

rawhide RPM x86_64: http://rakesh.fedorapeople.org/misc/ntop-3.3.10-3.fc12.x86_64.rpm

F11 build : http://koji.fedoraproject.org/koji/taskinfo?taskID=1674621 

It would be great if you can check whether this fix works ?

Regards,
Rakesh Pandit

Comment 11 Fedora Update System 2009-10-10 07:15:28 UTC
ntop-3.3.10-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/ntop-3.3.10-2.fc11

Comment 12 Rakesh Pandit 2009-10-10 07:16:43 UTC
Rawhide: http://koji.fedoraproject.org/koji/buildinfo?buildID=136027

Comment 13 Huzaifa S. Sidhpurwala 2009-10-26 06:15:12 UTC
Note: EL-5 version is not affected