Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 10: FEDORA-2009-2805 Moderate: Ntop Access Log Issue

fedora
Calendar Grey April 13, 2009
Dist Fedora Esm H88
Fixed world-writable access log issue for ntop in Fedora 10 update FEDORA-2009-2805, ensuring user data security.
Fixed log world-writable when the --access-log-file option is used.

Summary

ntop is a network traffic probe that shows the network usage, similar to what

the popular top Unix command does. ntop is based on libpcap and it has been

written in a portable way in order to virtually run on every Unix platform and

on Win32 as well.

ntop users can use a a web browser (e.g. netscape) to navigate through ntop

(that acts as a web server) traffic information and get a dump of the network

status. In the latter case, ntop can be seen as a simple RMON-like agent with

an embedded web interface. The use of:

* a web interface

* limited configuration and administration via the web interface

* reduced CPU and memory usage (they vary according to network size and

traffic)

make ntop easy to use and suitable for monitoring various kind of networks.

ntop should be manually started the first time so that the administrator

password can be selected.

ls -lh /var/log/ntop/access.log -rw-rw-rw- 1 root root 0 2009-02-04 11:53

/var/log/ntop/access.log Fixed. log world-writable when the --access-log-file option is used. This option is not used in Fedora or Red Hat by default

and is not noted in the configuration file. It is, however, noted in the ntop

manpage. It would require the root user to add this option to the configuration

in order for this file to be created.

* Tue Mar 17 2009 Rakesh Pandit - 3.3.8-3

- Fixed world writable accesslog (#490561) - security bug

* Tue Mar 3 2009 Peter Vrabec - 3.3.8-2

- invalid certificate fix (#486725)

[ 1 ] Bug #490561 - ntop: access.log created world-writable

https://bugzilla.redhat.com/show_bug.cgi?id=490561

su -c 'yum update ntop' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory moderate Fedora network monitoring ntop access log log fix

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 10
Version: 3.3.8
Release: 3.fc10
URL: https://www.ntop.org/
Summary: A network traffic probe similar to the UNIX top command

Topics%20covered

Topics Covered

security advisory moderate Fedora network monitoring ntop access log log fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here