Hi Giuseppe

Thanks a lot for the report. The attached patch should solve
this problem.

To the security team. Do you want me to upload this to stable in
addition to unstable?

Please also review whether you think this solution is good enough.

// Ola



On Mon, Aug 24, 2009 at 08:46:17AM +0200, Giuseppe Iuculano wrote:
> Package: ntop
> Severity: serious
> Tags: security
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for ntop.
> 
> CVE-2009-2732[0]:
> | The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier
> | allows remote attackers to cause a denial of service (NULL pointer
> | dereference and daemon crash) via an Authorization HTTP header that
> | lacks a : (colon) character in the base64-decoded string.
> 
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2732
>     http://security-tracker.debian.net/tracker/CVE-2009-2732
> 
> Cheers,
> Giuseppe.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> 
> iEYEARECAAYFAkqSNzUACgkQNxpp46476aqaRwCePEnRlTpotXKtcCnxSRnqbSoX
> imEAnRKiKt/JAzk57KKzHsAMFEo/v66K
> =DhPT
> -----END PGP SIGNATURE-----
> 
> 
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  o...@debian.org                     Annebergsslingan 37      \
|  o...@inguza.com                      654 65 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
--- http.c~	2007-06-09 16:33:45.000000000 +0200
+++ http.c	2009-09-27 09:50:56.420394637 +0200
@@ -3377,8 +3377,8 @@ static int checkHTTPpassword(char *theRe
 
   i = decodeString(thePw, (unsigned char*)outBuffer, sizeof(outBuffer));
 
-  if(i == 0) {
     user = "", thePw[0] = '\0';
+  if(i == 0) {
     outBuffer[0] = '\0';
   } else {
     outBuffer[i] = '\0';
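Review bot: the moved line `user = "", thePw[0] = '\0';` now runs unconditionally, so `user` carries a non-NULL default into whatever follows, which is what the CVE-2009-2732 description calls for; but the hunk leaves it at the four-space indent of the `if(i == 0)` body it was lifted out of, so a reader takes it for part of that branch. Re-indent it to the enclosing level and split the comma expression into two statements, `user = "";` and `thePw[0] = '\0';`. The lines shown do not include the place where outBuffer is split on ':', so this hunk alone cannot confirm that the missing-colon path keeps `user` pointing at the empty string rather than overwriting it with the NULL result of a failed separator lookup; that spot needs checking too, and the changelog entry should name CVE-2009-2732 as the bug report requests.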

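The CVE text above describes the failure mode (the base64-decoded credential string has no ':' and the code dereferences a NULL user pointer). The following is an added example, not ntop's http.c nor the patch above: a small parser for the credential part of an HTTP Basic Authorization header that reports a missing separator as an error and always leaves the caller with valid strings. The names `basic_cred_t` and `parse_basic_credentials` are hypothetical, and the sample inputs are constructed. It goes a little beyond the CVE case by also rejecting undecodable base64, an embedded NUL and oversized fields.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result type (not ntop's). Both fields are always
 * NUL-terminated strings after parse_basic_credentials() returns. */
typedef struct {
    char user[64];
    char password[64];
} basic_cred_t;

/* Map one base64 alphabet character to its 6-bit value, -1 if not in the alphabet. */
static int b64_value(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 into out (at most outlen bytes). Returns the decoded
 * length, or -1 on a bad character or when the output would overflow. */
static int base64_decode(const char *in, unsigned char *out, size_t outlen)
{
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;

    for (; *in != '\0' && *in != '='; in++) {
        int v = b64_value((unsigned char)*in);
        if (v < 0)
            return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= outlen)
                return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (int)n;
}

/* Returns 0 and fills cred on success, -1 for undecodable input (bad
 * base64, embedded NUL, oversized field) and -2 when the decoded string
 * has no ':' separator. cred is reset to two empty strings first, so a
 * caller that compares cred->user afterwards never follows a NULL
 * pointer; CVE-2009-2732 is exactly the -2 path with user left unset. */
int parse_basic_credentials(const char *b64, basic_cred_t *cred)
{
    unsigned char buf[256];
    const char *colon;
    size_t ulen, plen;
    int n;

    cred->user[0] = '\0';
    cred->password[0] = '\0';

    n = base64_decode(b64, buf, sizeof(buf) - 1);
    if (n < 0)
        return -1;
    if (memchr(buf, '\0', (size_t)n) != NULL)   /* NUL inside the credential */
        return -1;
    buf[n] = '\0';

    colon = strchr((const char *)buf, ':');
    if (colon == NULL)
        return -2;                               /* the missing-colon case */

    ulen = (size_t)(colon - (const char *)buf);
    plen = strlen(colon + 1);
    if (ulen >= sizeof(cred->user) || plen >= sizeof(cred->password))
        return -1;

    memcpy(cred->user, buf, ulen);
    cred->user[ulen] = '\0';
    memcpy(cred->password, colon + 1, plen + 1);
    return 0;
}

int main(void)
{
    /* Constructed inputs: "user:secret", "user" (no colon), and bad base64. */
    const char *samples[] = { "dXNlcjpzZWNyZXQ=", "dXNlcg==", "dXNl!!" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        basic_cred_t cred;
        int rc = parse_basic_credentials(samples[i], &cred);
        printf("%-18s rc=%d user=\"%s\" password=\"%s\"\n",
               samples[i], rc, cred.user, cred.password);
    }
    return 0;
}
```

The point of resetting `cred` before any decoding is that every return path, including the no-colon one, hands the caller two valid (possibly empty) strings, so the "deny if user is empty" check that follows a Basic-auth parse can be written without a NULL test.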