Stephen Clouse writes:
> Having no effect on ntp-4.0.99k compiled from official source on Slackware
> 7.0. Exploit says /tmp/sh was spawned but it never actually runs (/bin/bash
> mode didn't change).
Run "ntpq -c rv hostname" and you'll see it does have an effect, just
not a fatal one.
$ ntpq -c rv min0
status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.0.99k Thu Apr 5 13:59:58 EDT 2001 (1)",
processor="i586",
system="M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-k^_^M-^Iv^H1M-@M-^HF^GM-^IF^LM-0^KM-^IM-sM-^MN^HM-^MV^LM-MM-^@1M-[M-^IM-X@M-MM-^@M-hM-\M-^?M-^?M-^?/tmp/shM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PwM-wM-^?M-?wM-wM-^?M-?M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P,
leap=00, stratum=3, precision=-17, rootdelay=27.130,
rootdispersion=60.163, peer=40365, refid=extreme.heaven.net,
reftime=be78ab69.f8c7192e Fri, Apr 6 2001 16:54:01.971, poll=10,
clock=be78acb0.8b546d3f Fri, Apr 6 2001 16:59:28.544, state=4,
phase=0.235, frequency=78.946, jitter=7.984, stability=0.008
That's against ntpd/4.0.99k on RedHat/Immunix, not Slackware, but I
doubt that matters since the same thing happens to ntpd/4.0.9k on an
old Sparc II running SunOS4.1.3.
--
Dick St.Peters, [EMAIL PROTECTED]
Gatekeeper, NetHeaven, Saratoga Springs, NY
Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/
GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
Oldest Internet service based in the Adirondack-Albany region
