Chiaki Ishikawa <[EMAIL PROTECTED]> writes:
> Has anyone tested the exploit against embedded ntp implementations
> such as in Cisco router, for example, to see if the daemon would
> misbehave, etc.?
I couldn't do anything to the NTP implementation of a Cisco router
here with the stock "ntpdx" exploit as it was posted. (It doesn't
crash, it doesn't exhibit same heap corruption as xntpd v3.)
Which, of course, doesn't mean IOS isn't vulnerable.
Crafting an exploit that would do something useful (as opposed to make
the router stop serving time) would be quite difficult though without
IOS internals knowledge, so there's some consolation here.
--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
Sex is the mathematics urge sublimated. -- M. C. Reed.
