There is only a patch for the NTP software from http://phk.freebsd.dk/patch/ntpd.patch. We are going to wait for a full released and tested version of NTP to be released from http://www.ntp.org/. Until that time, we are blocking NTP access from the Internet (for those of us who use Internet stratum 1 servers) for the NTP protocol. This should be a very low risk situation because or internal, stratum 2, server will keep time close enough to "real" time for at least the next several days. I suggest that other people in the same situation do the same until a proper fix is made. My .02 Ron Ogle -----Original Message----- From: Przemyslaw Frasunek [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 04, 2001 10:27 PM To: [EMAIL PROTECTED] Subject: ntpd =< 4.0.99k remote buffer overflow /* ntpd remote root exploit / babcia padlina ltd. <[EMAIL PROTECTED]> */
- Re: ntpd =< 4.0.99k remote buffer overflow Crist Clark
- Re: ntpd =< 4.0.99k remote buffer overflow Athanasius
- Re: ntpd =< 4.0.99k remote buffer overflow Klaus Steden
- Re: ntpd =< 4.0.99k remote buffer overflow Stephen Clouse
- Re: ntpd =< 4.0.99k remote buffer overflow Dick St.Peters
- Re: ntpd =< 4.0.99k remote buffer overflow Przemyslaw Frasunek
- Re: ntpd =< 4.0.99k remote buffer overflow Stephen Clouse
- Re: ntpd =< 4.0.99k remote buffer overflow Rex Sanders
- Re: ntpd =< 4.0.99k remote buffer overflow Viraj Alankar
- ntpd - new Debian 2.2 (potato) version is also vu... Daniel Kiper
- Re: ntpd =< 4.0.99k remote buffer overflow Ogle Ron (Rennes)
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Maciej W. Rozycki
- Re: ntpd =< 4.0.99k remote buffer overflow Chris Faulhaber
- Re: ntpd =< 4.0.99k remote buffer overflow Durval Menezes
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Durval Menezes
- Re: ntpd =< 4.0.99k remote buffer over... Crist Clark
- Re: ntpd =< 4.0.99k remote buffer over... Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Valdis Kletnieks