On Fri, Apr 06, 2001 at 08:38:18AM -0300, Durval Menezes wrote:
> If it's really vulnerable, shouldn't it have at least dumped core?
Not necessarily. 4.0.99k on OpenBSD-2.8/i386 happily kept on chugging
when I poked it with this exploit (all three demo offset variants, btw),
and this is not any special magic "audited by OpenBSD" version of ntp or
anything like that. We know 4.0.99k is vulnerable, though.
--
Erik Fichtner; Unix Ronin
http://www.obfuscation.org/techs/
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw