
List:       ntop-dev
Subject:    [Ntop-dev] Security stuff
From:       "Burton M. Strauss III" <Burton () ntopsupport ! com>
Date:       2002-11-13 22:21:18
Message-ID: JIEPJGFPFMFIGBNCPKGGIEIIDCAA.Burton () ntopsupport ! com

A couple of items...

1. There are reports that the SOURCE for libpcap was compromised with a
Trojan like the openSSH one from a few weeks ago.  This is both libpcap and
tcpdump downloaded from http://www.tcpdump.org.  It's not yet clear when
this occurred!

http://online.securityfocus.com/archive/1/299704/2002-11-10/2002-11-16/0

ntop requires you to have libpcap installed, so if you've recently built
libpcap from source, check it out!


2. If you're not aware of it, the OpenSSH one:

"A trojan was discovered in the OpenSSH ftp distribution on August 1st.
Anyone who upgraded between July 30 and then is encouraged to read the
following advisory to learn how their system may have been compromised. " --
more at http://www.openssh.org

ntop uses openSSH if you have it installed, so again, check your versions.


3. libpng has been recently updated to v 1.2.5 and 1.0.15.  ntop
redistributes 1.2.4.  The canonical site is
http://www.libpng.org/pub/png/libpng.html.  Because of the previous buffer
overflow problem, all of the OS vendors updated in August to 1.0.14 or
1.2.4.

ntop uses the library to CREATE properly formatted png graphics; the
processing of them is left to your browser.  There should be no problem with
ntop, but upgrade if you are concerned.  RedHat
(http://online.securityfocus.com/archive/1/288059) describes it as "Such
deliberately malformed datastreams would crash applications that are linked
to libpng and that use the progressive reading feature. Mozilla is such an
application."

There is a recent update from SCO
(http://online.securityfocus.com/archive/1/299571) to 1.0.15 because of a
buffer overflow, but they don't say what version they used to use...
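The "check it out" in item 1 is the step a practitioner wants spelled out. The script below is an added example; it is not part of the post above, nor code from ntop, tcpdump or libpcap. It verifies a downloaded source tarball against a SHA-256 digest obtained from somewhere other than the download site (the advisory text, a signed release file, a vendor package), and makes the verdict usable as a build gate. The list-file format, the constructed stand-in file and the placeholder digest are assumptions for illustration; the real digests must come from a source you trust independently of tcpdump.org.

```shell
#!/bin/sh
# Added example, not from the ntop-dev post or from the ntop/tcpdump/libpcap
# projects: verify a downloaded source tarball against a checksum that came
# from somewhere other than the download site, and stop the build on mismatch.

# sha256_of FILE -> prints the hex SHA-256 of FILE (GNU or BSD userland).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_tarball FILE EXPECTED_SHA256
# Exit status 0 when the digest matches, 1 on mismatch or missing file.
# The expected digest is lower-cased so advisories that print uppercase hex
# still compare equal.
verify_tarball() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "MISSING  $file" >&2
        return 1
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# verify_list LISTFILE
# LISTFILE holds one "<sha256>  <filename>" line per tarball (the format
# sha256sum itself emits); blank lines and '#' comments are skipped.
# Exit status is 0 only when every listed file verified, so it can gate a
# build:  verify_list SUMS && ./configure && make
verify_list() {
    rc=0
    while read -r sum name; do
        [ -z "$sum" ] && continue           # skip blank lines
        case $sum in \#*) continue ;; esac  # skip comments
        verify_tarball "$name" "$sum" || rc=1
    done < "$1"
    return $rc
}

# Self-contained demo on a constructed file standing in for a tarball.
demo() {
    tmp=$(mktemp)
    printf 'constructed stand-in for a source tarball\n' > "$tmp"
    good=$(sha256_of "$tmp")
    verify_tarball "$tmp" "$good"
    bad=0000000000000000000000000000000000000000000000000000000000000000
    verify_tarball "$tmp" "$bad" || echo "refusing to build from $tmp"
    rm -f "$tmp"
}
demo
```

A digest fetched from the same server that served the tarball proves nothing if that server is the one that was compromised; a detached signature checked against a key you already held, or a hash quoted in the advisory, is what closes the loop. If you already built and installed from a tarball you cannot vouch for, unpacking a freshly verified copy and running `diff -r` against the tree you built from shows exactly which files differ.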
