USN-4842-1: ntopng vulnerability

Publication date

15 March 2021

Overview

ntopng could be made to allow unintended access


Packages

  • ntopng - High-Speed Web-based Traffic Analysis and Flow Collection Tool

Details

It was discovered that ntopng did not properly seed its random number
generator, leading to predictable session tokens. An attacker could use
this vulnerability to hijack a user’s session.

It was discovered that ntopng did not properly seed its random number
generator, leading to predictable session tokens. An attacker could use
this vulnerability to hijack a user’s session.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.04 bionic ntopng –  3.2+dfsg1-1ubuntu0.1~esm2  
16.04 xenial ntopng –  2.2+dfsg1-1ubuntu0.1~esm2  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›