Bug 518264 (CVE-2009-2732) - CVE-2009-2732 ntop: NULL pointer dereference by HTTP Basic Authentication (DoS)
Summary: CVE-2009-2732 ntop: NULL pointer dereference by HTTP Basic Authentication (DoS)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-2732
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://www.securityfocus.com/archive/...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-19 17:00 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:31 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-22 15:32:57 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2009-08-19 17:00:58 UTC
A NULL pointer dereference flaw was found in the way Ntop used to process
Authorization HTTP header content by HTTP Basic Authentication. Remote 
attacker could issue a specially-crafted HTTP authentication request,
leading to a denial of service (ntop deamon crash).

References:
-----------
[1] http://bugs.gentoo.org/show_bug.cgi?id=281956
[2] http://www.securityfocus.com/archive/1/505876/30/0/threaded

Comment 2 Jan Lieskovsky 2009-08-21 09:01:56 UTC
MITRE's CVE-2009-2732 record:
-----------------------------

The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via an Authorization HTTP header that
lacks a : (colon) character in the base64-decoded string.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2732
http://www.securityfocus.com/archive/1/archive/1/505876/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/505862/100/0/threaded
http://secunia.com/advisories/36403
http://www.vupen.com/english/advisories/2009/2317

Comment 3 Jan Lieskovsky 2009-08-21 09:06:08 UTC
Hello Rakesh, Peter,

  any progress while scheduling Fedora 10, 11 updates addressing this
issue?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Comment 4 Rakesh Pandit 2009-08-23 04:55:17 UTC
Hello Jan,

I am not able to reproduce it on F10 nor F11 system with ntop-3.3.8-3.fc10.i386 and ntop-3.3.9-5.fc11.x86_64 resp. :(

Will check with few other test boxes around.

Comment 5 Rakesh Pandit 2009-09-13 10:07:26 UTC
Unfortunately I was not able to reproduce the issue on any of my boxes. Still I have patched it up without testing.

SRPM: http://rakesh.fedorapeople.org/misc/ntop-3.3.10-3.fc12.src.rpm

rawhide RPM x86_64: http://rakesh.fedorapeople.org/misc/ntop-3.3.10-3.fc12.x86_64.rpm

F11 build : http://koji.fedoraproject.org/koji/taskinfo?taskID=1674621 

It would be great if you can check whether this fix works ?

Regards,
Rakesh Pandit

Comment 11 Fedora Update System 2009-10-10 07:15:28 UTC
ntop-3.3.10-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/ntop-3.3.10-2.fc11

Comment 12 Rakesh Pandit 2009-10-10 07:16:43 UTC
Rawhide: http://koji.fedoraproject.org/koji/buildinfo?buildID=136027

Comment 13 Huzaifa S. Sidhpurwala 2009-10-26 06:15:12 UTC
Note: EL-5 version is not affected


Note You need to log in before you can comment on or make changes to this bug.