paul Posted September 14, 2010 Report Share Posted September 14, 2010 A vulnerability has been found and corrected in ntop: The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string (CVE-2009-2732). The updated packages have been patched to correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts