A couple of items... 1. There are reports that the SOURCE for libpcap was compromised with a Trojan like the openSSH one from a few weeks ago. This is both libpcap and tcpdump downloaded from http://www.tcpdump.org. It's not yet clear when this occurred!
http://online.securityfocus.com/archive/1/299704/2002-11-10/2002-11-16/0 ntop requires you to have libpcap installed, so if you've recently build libpcap from source, check it out! 2. If you're not aware of it, the openSSH: "A trojan was discovered in the OpenSSH ftp distribution on August 1st. Anyone who upgraded between July 30 and then is encouraged to read the following advisory to learn how their system may have been compromised. " -- more at http://www.openssh.org ntop uses openSSH if you have it installed, so again, check your versions. 3. libpng has been recently updated to v 1.2.5 and 1.0.15. ntop redistributes 1.2.4. The canonical site is http://www.libpng.org/pub/png/libpng.html. Because of the previous buffer overflow problem, all of the OS vendors updated in August to 1.0.14 or 1.2.4. ntop uses the library to CREATE properly formatted png graphics, the processing of them is left to your browser. There should be no problem w/ ntop, but upgrade if you are concerned. RedHat (http://online.securityfocus.com/archive/1/288059) describes it as "Such deliberately malformed datastreams would crash applications that are linked to libpng and that use the progressive reading feature. Mozilla is such an application." There is a recent update from SCO (http://online.securityfocus.com/archive/1/299571) to 1.0.15 because of a buffer overflow, but they don't say what version they used to use... _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
