Re: Mrtg Path Disclosure Vulnerability

From: Barney Wolff (barneyat_private)
Date: Mon Feb 04 2002 - 09:05:59 PST

Next message: Hans Somers: "Re: Long path exploit on NTFS"

Previous message: Tamer Sahin: "Mrtg Path Disclosure Vulnerability"
In reply to: Tamer Sahin: "Mrtg Path Disclosure Vulnerability"
Next in thread: Dave Ahmad: "Re: Mrtg Path Disclosure Vulnerability"
Reply: Dave Ahmad: "Re: Mrtg Path Disclosure Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Unless I'm terribly confused, mrtg only generates files and runs off
cron, not as a cgi.  So you're dealing with something other than mrtg
itself.  Also, the current version is 2.9.18pre1.

Barney Wolff

On Mon, Feb 04, 2002 at 02:18:54AM +0200, Tamer Sahin wrote:
> 
> Summary:
> If an attacker submits a web request containing unexpected arguments
> for script variables, an error message will be displayed containing
> the path to the webroot directory of the server running the Mrtg cgi
> script.
> 
> http://host/mrtg.cgi?cfg=blabla
> 
> Tested:
> Mrtg v2.090011
> Mrtg v2.090006
> 
> Vulnerable:
> Mrtg v2.090011
> Mrtg v2.090006
> 
> And may be other.

Next message: Hans Somers: "Re: Long path exploit on NTFS"
Previous message: Tamer Sahin: "Mrtg Path Disclosure Vulnerability"
In reply to: Tamer Sahin: "Mrtg Path Disclosure Vulnerability"
Next in thread: Dave Ahmad: "Re: Mrtg Path Disclosure Vulnerability"
Reply: Dave Ahmad: "Re: Mrtg Path Disclosure Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 10:23:48 PST