|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Gary E. Miller (gem
RELLIM.COM)Date: Wed Apr 04 2001 - 16:38:13 CDT
Yo All!
ftp.udel.edu lists ntp 4.0.99k as the newest available.
Any patches yet?
Have the maintainers been notified?
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
gemrellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
On Wed, 4 Apr 2001, Przemyslaw Frasunek wrote:
> /*
> * Network Time Protocol Daemon (ntpd) shipped with many systems is vuln
> erable
> * to remote buffer overflow attack. It occurs when building response fo
> r
> * a query with large readvar argument. In almost all cases, ntpd is run
> ning
> * with superuser privileges, allowing to gain REMOTE ROOT ACCESS to tim
> eserver.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]