On Wed, 4 Apr 2001, Przemyslaw Frasunek wrote: > /* ntpd remote root exploit / babcia padlina ltd. <[EMAIL PROTECTED]> */ Attempting this on a Redhat 6.2 system with xntp3-5.93 did not seem execute /tmp/sh or crash immediately but it did cause some corruption in xntpd as can be seen below. /usr/sbin/ntpq localhost ntpq> rl status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg system="M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-k^_^M-^Iv^H1M-@M-^HF^GM-^IF^LM-0^KM-^IM-sM-^MN^HM-^MV^LM-MM-^@1M-[M-^IM-X@M-MM-^@M-hM-\M-^?M-^?M-^?/tmp/shM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PwM-wM-^?M-?wM-wM-^?M-?M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P, leap=00, stratum=4, rootdelay=78.70, rootdispersion=98.05, peer=12340, refid=my.ntp.server, reftime=be79abbf.f4677000 Sat, Apr 7 2001 11:07:43.954, poll=6, clock=be79abfe.47251000 Sat, Apr 7 2001 11:08:46.277, phase=0.317, freq=41029.82, error=0.12 ntpq> Viraj.
- Re: ntpd =< 4.0.99k remote buffer overflow Charles Sprickman
- Re: ntpd =< 4.0.99k remote buffer overflow Jan Kluka
- Re: ntpd =< 4.0.99k remote buffer overflow Crist Clark
- Re: ntpd =< 4.0.99k remote buffer overflow Athanasius
- Re: ntpd =< 4.0.99k remote buffer overflow Klaus Steden
- Re: ntpd =< 4.0.99k remote buffer overflow Stephen Clouse
- Re: ntpd =< 4.0.99k remote buffer overflow Dick St.Peters
- Re: ntpd =< 4.0.99k remote buffer overflow Przemyslaw Frasunek
- Re: ntpd =< 4.0.99k remote buffer overflow Stephen Clouse
- Re: ntpd =< 4.0.99k remote buffer overflow Rex Sanders
- ntpd - new Debian 2.2 (potato) version is also vulnera... Viraj Alankar
- ntpd - new Debian 2.2 (potato) version is also vu... Daniel Kiper
- Re: ntpd =< 4.0.99k remote buffer overflow Ogle Ron (Rennes)
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Maciej W. Rozycki
- Re: ntpd =< 4.0.99k remote buffer overflow Chris Faulhaber
- Re: ntpd =< 4.0.99k remote buffer overflow Durval Menezes
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Durval Menezes
- Re: ntpd =< 4.0.99k remote buffer over... Crist Clark