Stay Secure with the Latest Linux Advisories

security advisorymoderateFedora

Fedora 10: FEDORA-2009-2805 Moderate: Ntop Access Log Issue

Fixed log world-writable when the --access-log-file option is used.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-2805 2009-03-18 18:32:58 --------------------------------------------------------------------------------Name : ntop Product : Fedora 10 Version : 3.3.8 Release : 3.fc10 URL : https://www.ntop.org/ Summary : A network traffic probe similar to the UNIX top command Description : ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well. ntop users can use a a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of: * a web interface * limited configuration and administration via the web interface * reduced CPU and memory usage (they vary according to network size and traffic) make ntop easy to use and suitable for monitoring various kind of networks. ntop should be manually started the first time so that the administrator password can be selected. --------------------------------------------------------------------------------Update Information: ls -lh /var/log/ntop/access.log -rw-rw-rw- 1 root root 0 2009-02-04 11:53 /var/log/ntop/access.log Fixed. log world-writable when the --access-log-file option is used. This option is not used in Fedora or Red Hat by default and is not noted in the configuration file. It is, however, noted in the ntop manpage. It would require the root user to add this option to the configuration in order for this file to be created. --------------------------------------------------------------------------------ChangeLog: *Tue Mar 17 2009 Rakesh Pandit - 3.3.8-3 - Fixed world writable accesslog (#490561) - security bug * Tue Mar 3 2009 Peter Vrabec - 3.3.8-2 - invalid certificate fix (#486725) --------------------------------------------------------------------------------References: [ 1 ] Bug #490561 - ntop: access.log created world-writable https://bugzilla.redhat.com/show_bug.cgi?id=490561 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update ntop' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fixed world-writable access log issue for ntop in Fedora 10 update FEDORA-2009-2805, ensuring user data security.. world-writable, --access-log-file, option, --------------------------------. . Severity: Important. LinuxSecurity.com Team

Apr 13, 2009 •Important Fedora