Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Tomasz Grabowski (cadenceAPOLLO.ACI.COM.PL)
Date: Thu Apr 05 2001 - 07:08:42 CDT
On Wed, 4 Apr 2001, Crist Clark wrote:
> Przemyslaw Frasunek wrote:
> > /* ntpd remote root exploit / babcia padlina ltd. <venglinfreebsd.lublin.pl> */
> Not good. Not good. Verified the exploit worked on FreeBSD 4.2-STABLE with
> the stock 4.0.99b. FreeBSD has a fix in CURRENT already.
> More sobering, blindly aiming the exploit code at a Sparc running xntpd 3.4y
> caused it to seg. fault and core. No time to double-check if that is actually
> exploitable at this moment. How many NTP distributions are based off of the
> vulnerable code? With the small payload, gaining access might be hard, but
> the potential for DoS looks pretty easy.
On IRIX 6.5.11 it also seg faults.
ntpq 3-5.93e Thu Dec 10 10:49:39 PST 1998 (1)
It's rather old isn't it?
It's the default IRIX 6.5.11 installation.