Re: ntpd =< 4.0.99k remote buffer overflow

[Ogle Ron (Rennes)]

There is only a patch for the NTP software from
http://phk.freebsd.dk/patch/ntpd.patch.  We are going to wait for a full
released and tested version of NTP to be released from http://www.ntp.org/.
Until that time, we are blocking NTP access from the Internet (for those of
us who use Internet stratum 1 servers) for the NTP protocol.  This should be
a very low risk situation because or internal, stratum 2, server will keep
time close enough to "real" time for at least the next several days.

I suggest that other people in the same situation do the same until a proper
fix is made.

My .02
Ron Ogle

-----Original Message-----
From: Przemyslaw Frasunek [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 04, 2001 10:27 PM
To: [EMAIL PROTECTED]
Subject: ntpd =< 4.0.99k remote buffer overflow


/* ntpd remote root exploit / babcia padlina ltd.
<[EMAIL PROTECTED]> */