Ntop Red Hat Initialisation Script Insecure Temporary File Creation - Linux Links

News Sections

Home
General News (3972/0)
Reviews (626/0)
Press Releases (464/0)
Distributions (187/0)
Software (807/0)
Hardware (522/0)
Security (192/0)
Tutorials (337/0)
Off Topic (180/0)

User Functions

Don't have an account yet? Sign up as a New User

Events

There are no upcoming events

Ntop Red Hat Initialisation Script Insecure Temporary File Creation

Monday, October 31 2005 @ 04:02 PM EST
Contributed by: sde

nnposter has reported a vulnerability in Ntop, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

The vulnerability is caused due to Red Hat initialisation script, "packages/RedHat/ntop.init", creating the "ntopinitparms" temporary file insecurely in "/tmp". This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user running the affected script.
Advisory

[ Views: 2006 ]

Ntop Red Hat Initialisation Script Insecure Temporary File Creation | 0 comments | Create New Account

The following comments are owned by whoever posted them. This site is not responsible for what they say.

No user comments.

What's Related

Advisory

More by sde

More from Security

Story Options

Mail Story to a Friend

Printable Story Format

We have written a range of guides highlighting excellent free books for popular programming languages. Check out the following guides: C, C++, C#, Java, JavaScript, CoffeeScript, HTML, Python, Ruby, Perl, Haskell, PHP, Lisp, R, Prolog, Scala, Scheme, and SQL.