On Wed, 4 Apr 2001, Crist Clark wrote:
> Przemyslaw Frasunek wrote:
> >
> > /* ntpd remote root exploit / babcia padlina ltd. <[EMAIL PROTECTED]> */
>
> Not good. Not good. Verified the exploit worked on FreeBSD 4.2-STABLE with
> the stock 4.0.99b. FreeBSD has a fix in CURRENT already.
>
> More sobering, blindly aiming the exploit code at a Sparc running xntpd 3.4y
> caused it to seg. fault and core. No time to double-check if that is actually
> exploitable at this moment. How many NTP distributions are based off of the
> vulnerable code? With the small payload, gaining access might be hard, but
> the potential for DoS looks pretty easy.
On IRIX 6.5.11 it also seg faults.
ntpq
ntpq> version
ntpq 3-5.93e Thu Dec 10 10:49:39 PST 1998 (1)
ntpq> quit
It's rather old isn't it?
It's the default IRIX 6.5.11 installation.
