Yo All! ftp.udel.edu lists ntp 4.0.99k as the newest available. Any patches yet? Have the maintainers been notified? RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 On Wed, 4 Apr 2001, Przemyslaw Frasunek wrote: > /* > * Network Time Protocol Daemon (ntpd) shipped with many systems is vuln > erable > * to remote buffer overflow attack. It occurs when building response fo > r > * a query with large readvar argument. In almost all cases, ntpd is run > ning > * with superuser privileges, allowing to gain REMOTE ROOT ACCESS to tim > eserver.
- ntpd =< 4.0.99k remote buffer overflow Przemyslaw Frasunek
- Re: ntpd =< 4.0.99k remote buffer... Crist Clark
- Re: ntpd =< 4.0.99k remote bu... Tomasz Grabowski
- Re: ntpd =< 4.0.99k remot... Sebastian Piech
- Re: ntpd =< 4.0.99k remote bu... Matt Collins
- Re: ntpd =< 4.0.99k remot... Alexander Gall
- Re: ntpd =< 4.0.99k r... Casper Dik
- Re: ntpd =< 4.0.99k remot... Fyodor
- Re: ntpd =< 4.0.99k remote bu... Charles Sprickman
- Re: ntpd =< 4.0.99k remote bu... Bruce A. Mah
- Re: ntpd =< 4.0.99k remote buffer... Gary E. Miller
- Re: ntpd =< 4.0.99k remote bu... William D. Colburn (aka Schlake)
- Re: ntpd =< 4.0.99k remote buffer... Charles Sprickman
- Re: ntpd =< 4.0.99k remote bu... Jan Kluka
- Re: ntpd =< 4.0.99k remote bu... Crist Clark
- Re: ntpd =< 4.0.99k remote bu... Athanasius
- Re: ntpd =< 4.0.99k remote buffer... Klaus Steden
- Re: ntpd =< 4.0.99k remote buffer... Stephen Clouse
- Re: ntpd =< 4.0.99k remote bu... Dick St.Peters
- Re: ntpd =< 4.0.99k remote bu... Przemyslaw Frasunek
- Re: ntpd =< 4.0.99k remot... Stephen Clouse