On Fri, Apr 06, 2001 at 08:38:18AM -0300, Durval Menezes wrote: > If it's really vulnerable, shouldn't it have at least dumped core? Not necessarily. 4.0.99k on OpenBSD-2.8/i386 happily kept on chugging when I poked it with this exploit (all three demo offset variants, btw), and this is not any special magic "audited by OpenBSD" version of ntp or anything like that. We know 4.0.99k is vulnerable, though. -- Erik Fichtner; Unix Ronin http://www.obfuscation.org/techs/ "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable." -- George Bernard Shaw
- Re: ntpd =< 4.0.99k remote buffer overflow Ogle Ron (Rennes)
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Maciej W. Rozycki
- Re: ntpd =< 4.0.99k remote buffer overflow Chris Faulhaber
- Re: ntpd =< 4.0.99k remote buffer overflow Durval Menezes
- Re: ntpd =< 4.0.99k remote buffer overflow Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Durval Menezes
- Re: ntpd =< 4.0.99k remote buffer overfl... Crist Clark
- Re: ntpd =< 4.0.99k remote buffer overfl... Erik Fichtner
- Re: ntpd =< 4.0.99k remote buffer overflow Valdis Kletnieks
- Re: ntpd =< 4.0.99k remote buffer overflow Buhrmaster, Gary
- Re: ntpd =< 4.0.99k remote buffer overflow William W. Arnold