Yo All!
ftp.udel.edu lists ntp 4.0.99k as the newest available.
Any patches yet?
Have the maintainers been notified?
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
[EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
On Wed, 4 Apr 2001, Przemyslaw Frasunek wrote:
> /*
> * Network Time Protocol Daemon (ntpd) shipped with many systems is vuln
> erable
> * to remote buffer overflow attack. It occurs when building response fo
> r
> * a query with large readvar argument. In almost all cases, ntpd is run
> ning
> * with superuser privileges, allowing to gain REMOTE ROOT ACCESS to tim
> eserver.
- ntpd =< 4.0.99k remote buffer overflow Przemyslaw Frasunek
- Re: ntpd =< 4.0.99k remote buffer... Crist Clark
- Re: ntpd =< 4.0.99k remote bu... Tomasz Grabowski
- Re: ntpd =< 4.0.99k remot... Sebastian Piech
- Re: ntpd =< 4.0.99k remote bu... Matt Collins
- Re: ntpd =< 4.0.99k remot... Alexander Gall
- Re: ntpd =< 4.0.99k r... Casper Dik
- Re: ntpd =< 4.0.99k remot... Fyodor
- Re: ntpd =< 4.0.99k remote bu... Charles Sprickman
- Re: ntpd =< 4.0.99k remote bu... Bruce A. Mah
- Re: ntpd =< 4.0.99k remote buffer... Gary E. Miller
- Re: ntpd =< 4.0.99k remote bu... William D. Colburn (aka Schlake)
- Re: ntpd =< 4.0.99k remote buffer... Charles Sprickman
- Re: ntpd =< 4.0.99k remote bu... Jan Kluka
- Re: ntpd =< 4.0.99k remote bu... Crist Clark
- Re: ntpd =< 4.0.99k remote bu... Athanasius
- Re: ntpd =< 4.0.99k remote buffer... Klaus Steden
- Re: ntpd =< 4.0.99k remote buffer... Stephen Clouse
- Re: ntpd =< 4.0.99k remote bu... Dick St.Peters
- Re: ntpd =< 4.0.99k remote bu... Przemyslaw Frasunek
- Re: ntpd =< 4.0.99k remot... Stephen Clouse
