CVE-2002-0412 Information
Description
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function via (1) an HTTP GET request (2) a user name in HTTP authentication or (3) a password in HTTP authentication.
Reference
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html http://marc.info/?l=bugtraq&m=101854261030453&w=2 http://marc.info/?l=bugtraq&m=101856541322245&w=2 http://marc.info/?l=bugtraq&m=101908224609740&w=2 http://online.securityfocus.com/archive/1/259642 http://snapshot.ntop.org/ http://www.iss.net/security_center/static/8347.php http://www.osvdb.org/5307 http://www.securityfocus.com/bid/4225
Share on: