| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090818191129.GA32084@securityfocus.com>
Date: Tue, 18 Aug 2009 13:11:29 -0600
From: dm@...urityfocus.com
To: bugtraq@...urityfocus.com
Subject: (Reposting truncated message) Re: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service
Attached is a reposting of this information. The original post was
truncated.
On Tue, Aug 18, 2009 at 11:13:05AM -0600, brad.antoniewicz@...ndstone.com wrote:
> Title: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service
> ---------------------------------------------------------------------------------
>
> Vendor: ntop
>
> Vendor URL: www.ntop.org
>
> Vendor Response: None
>
> Description:
>
> A denial of service condition can be reached by specifying an invalid value for the Authorization
> HTTP header. When ntop recieves this, it attempts to base64 decode the value then split it based on
> a colon. When no colon exists in the decoded string the username is left at its default NULL value.
> During the authentication process the length of the username is computed via strlen(), which results
> in a segmentation fault when it processes the null value.
>
> Code:
>
> static int checkHTTPpassword(char *theRequestedURL,
> int theRequestedURLLen _UNUSED_,
> char* thePw, int thePwLen) {
> char outBuffer[65], tmpOutBuffer[65], *user = NULL, users[LEN_GENERAL_WORK_BUFFER];
--
Dave McKinney
Symantec
keyID: E461AE4E
key fingerprint = F1FC 9073 09FA F0C7 500D D7EB E985 FAF3 E461 AE4E
View attachment "BA-ntopdos.txt" of type "text/plain" (3039 bytes)
Powered by blists - more mailing lists