From: Stephen Clouse (stephencTHEIQGROUP.COM)
Date: Sat Apr 07 2001 - 20:29:11 CDT

    On Sat, Apr 07, 2001 at 09:26:43AM +0200, Przemyslaw Frasunek wrote:
    > As I said, exploiting this overflow isn't so easy -- offset and align
    > values vary from platform to platform. The exploit was tested only
    > on bare RedHat 7.0 and FreeBSD 4.2-STABLE compiled with -O6 -fomit-frame-pointer
    > -march=pentiumpro.
    >
    > Did your ntpd segfault after running an exploit?

    Nope, it keeps running normally -- it's still in perfect sync with our main time
    server.

    I am now noticing that it definitely overflows *something*, though -- someone
    pointed out querying the local ntpd's status:

    status=0684 leap_none, sync_ntp, 8 events, event_peer/strat_chg,
    version="ntpd 4.0.99k Sun Apr 1 04:00:13 CDT 2001 (2)",
    processor="i686",
    system="M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-k^_^M-^Iv^H1M-M-^HF^
    GM-^IF^LM-0^KM-^IM-sM-^MN^HM-^MV^LM-MM-^1M-[M-^IM-XM-MM-^M-hM-\M-^?M-^?M-^?/
    tmp/shM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
    -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PwM-wM-^?M-?w
    M-wM-^?M-?M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
    -^PM-^PM-^P,
    leap=00, stratum=5, precision=-17, rootdelay=217.951,
    rootdispersion=153.179, peer=21044, refid=fs1.theiqgroup.com,
    reftime=be7a357a.7fa615a8 Sat, Apr 7 2001 19:55:22.498, poll=9,
    clock=be7a364e.b7422467 Sat, Apr 7 2001 19:58:54.715, state=4,
    phase=0.224, frequency=-4.567, jitter=0.042, stability=0.004

    So the initial assessment is probably wrong. However, I wasted a whole
    afternoon searching and cannot for the life of me find the offset where this
    data ends up....

    --
    Stephen Clouse <stephenctheiqgroup.com>
    Senior Programmer, IQ Coordinator Project Lead
    The IQ Group, Inc. <http://www.theiqgroup.com/>

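
The operator above only noticed the overflow because the `system=` variable in the readvar output was full of garbage. As an added example, not code from this thread, the Python script below parses ntpq-style readvar output (the constructed `SAMPLE` mirrors the post's output) and flags any variable holding non-printable bytes or an oversize value, so the same check can run automatically over `ntpq -c rv` output. The comma-separated `name=value` layout with double-quoted strings and the 256-byte length ceiling are assumptions, not anything ntpd documents.

```python
"""Flag corrupted variables in ntpd readvar output (constructed example)."""
import re
from typing import Dict, List

PRINTABLE = set(range(0x20, 0x7F)) | {0x09}   # printable ASCII plus tab

# Constructed sample modelled on the post: system= holds NOPs, a path and
# address-like bytes instead of an OS name.
SAMPLE = (
    b'status=0684 leap_none, sync_ntp, 8 events, event_peer/strat_chg,\n'
    + b'version="ntpd 4.0.99k Sun Apr 1 04:00:13 CDT 2001 (2)", processor="i686",\n'
    + b'system="' + b"\x90" * 8 + b"/tmp/sh" + b"\xff\xbf\xff\xbf" + b'",\n'
    + b'leap=00, stratum=5, precision=-17, refid=fs1.theiqgroup.com\n'
)

def _split_items(raw: bytes) -> List[bytes]:
    """Split on commas outside double quotes; wrapped lines are joined first."""
    items, cur, in_quote = [], bytearray(), False
    for b in raw.replace(b"\n", b" "):
        if b == 0x22:                    # '"' toggles quoting
            in_quote = not in_quote
        if b == 0x2C and not in_quote:   # ',' outside quotes ends an item
            items.append(bytes(cur))
            cur = bytearray()
        else:
            cur.append(b)
    if cur.strip():
        items.append(bytes(cur))
    return items

def parse_readvar(raw: bytes) -> Dict[str, bytes]:
    """Map names to raw values; items without 'name=' (status flags, or garbage
    that broke the quoting) are appended to the previous variable's value."""
    out, last = {}, None
    for item in _split_items(raw):
        name, sep, value = item.partition(b"=")
        if sep and re.fullmatch(rb"[A-Za-z_][A-Za-z0-9_]*", name.strip()):
            last = name.strip().decode("ascii")
            out[last] = value.strip()
        elif last is not None:
            out[last] += b", " + item.strip()
    return out

def suspicious_vars(variables: Dict[str, bytes], max_len: int = 256) -> List[str]:
    """Names whose value holds non-printable bytes or is longer than max_len."""
    return [name for name, value in variables.items()
            if len(value.strip(b'"')) > max_len
            or any(b not in PRINTABLE for b in value.strip(b'"'))]

if __name__ == "__main__":
    print(suspicious_vars(parse_readvar(SAMPLE)))   # -> ['system']
```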