lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 18 Aug 2009 13:11:29 -0600
Subject: (Reposting truncated message) Re: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service

Attached is a reposting of this information. The original post was

On Tue, Aug 18, 2009 at 11:13:05AM -0600, wrote:
> Title: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service
> ---------------------------------------------------------------------------------
> Vendor: ntop
> Vendor URL:
> Vendor Response: None
> Description:
> A denial of service condition can be reached by specifying an invalid value for the Authorization 
> HTTP header. When ntop recieves this, it attempts to base64 decode the value then split it based on
> a colon. When no colon exists in the decoded string the username is left at its default NULL value. 
> During the authentication process the length of the username is computed via strlen(), which results
> in a segmentation fault when it processes the null value. 
> Code:
> static int checkHTTPpassword(char *theRequestedURL,
>                              int theRequestedURLLen _UNUSED_,
>                              char* thePw, int thePwLen) {
>   char outBuffer[65], tmpOutBuffer[65], *user = NULL, users[LEN_GENERAL_WORK_BUFFER];

Dave McKinney

keyID: E461AE4E
key fingerprint = F1FC 9073 09FA F0C7 500D  D7EB E985 FAF3 E461 AE4E

View attachment "BA-ntopdos.txt" of type "text/plain" (3039 bytes)

Powered by blists - more mailing lists