There is only a patch for the NTP software from
http://phk.freebsd.dk/patch/ntpd.patch. We are going to wait for a full
released and tested version of NTP to be released from http://www.ntp.org/.
Until that time, we are blocking NTP access from the Internet (for those of
us who use Internet stratum 1 servers) for the NTP protocol. This should be
a very low risk situation because or internal, stratum 2, server will keep
time close enough to "real" time for at least the next several days.

I suggest that other people in the same situation do the same until a proper
fix is made.

My .02
Ron Ogle

-----Original Message-----
From: Przemyslaw Frasunek [mailto:venglinFREEBSD.LUBLIN.PL]
Sent: Wednesday, April 04, 2001 10:27 PM
To: BUGTRAQSECURITYFOCUS.COM
Subject: ntpd =< 4.0.99k remote buffer overflow

/* ntpd remote root exploit / babcia padlina ltd.
<venglinfreebsd.lublin.pl> */

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]