List: bugtraq
Subject: Insecure Temporary File Creation Vulnerability in Net-Acct
From: "Jérôme" ATHIAS <jerome.athias () caramail ! com>
Date: 2004-09-08 4:50:54
Message-ID: 20040908045054.1530.qmail () www ! securityfocus ! com
Net-Acct is a user-space daemon which generates log files of network traffic for \
accounting purposes. Initially created by Ulrich Callmeier, it is now worked upon \
occasionally by a team of volunteers on the list net-acct*CoLi.Uni-SB.DE, questions \
are best asked there or net-acct*exorsus.net.
Stefan Nordhausen has identified a local security hole in net-acct (all versions). It \
appears to be some redundant code from some time way back in the past although I'm \
not entirely sure. I have removed the code, since it doesn't actually appear to do \
anything other than create and delete a file that is referenced nowhere else. Use the \
patch at your own risk, until I've had some feedback telling me it works.
net-acct-notempfiles.patch : \
http://exorsus.net/projects/net-acct/net-acct-notempfiles.patch
For much of the functionality provided by net-acct, an alternative, \
http://savannah.nongnu.org/projects/ulog-acctd, exists which is considerably better \
at catching all the relevant packets. For the majority of problems it should be \
considered the preferable solution to net-acct (assuming you're on a linux 2.4 kernel \
of course :)
http://netacct-mysql.sourceforge.net/ is a fairly new project which is creating a \
completely mysql-customised version of net-acct. There's obviously a popular niche \
here since there seem to be a fair number of people contributing. Users looking to \
put their data straight into MySQL may well be served by taking a look.
Thomas Prokosch kindly donated another log summary script which can be found at \
http://www.nadev.net/thomas/projects/nacctstats/
Marc Haber has made available a patch for a locking problem within net-acct. If you \
are suffering from rare situations in which net-acct seems to spin out and grab all \
available cpu, this may well help.
lockpatch.txt : http://exorsus.net/projects/net-acct/lockpatch.txt
0.71 is now the latest version, changes: A patch for a small bug in the Localtime \
handling for those using the HUMAN_READBLE define.
We have a Debian package available, thanks to Bernd Eckenfels; the package page is at \
http://packages.debian.org/unstable/net/net-acct.html.
Known bugs
- Name based framing detection. Now, to be honest, I don't have a great idea of what \
exactly "framing" is, in this context, but if you know, tell me, or I'll end up \
figuring it out for myself when the bug list begins to annoy me :)
- Reverse masq tracking (includes patch) hopefully will go into the next version, or \
something :)
PLEASE NOTE: The README file in the archive is out of date in some aspects; it is \
included for completeness, however contact names, mailing list signups etc. are \
incorrect.
http://exorsus.net/projects/net-acct/