Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Larry W. Cashdollar (lwcVapid.dhs.org)
Date: Fri Jun 15 2001 - 08:32:41 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ---------- Forwarded message ----------
    Date: Fri, 15 Jun 2001 12:31:23 +0200
    From: Juergen Schoenwaelder <schoenwibr.cs.tu-bs.de>
    To: lwcvapid.dhs.org
    Subject: Re: suid scotty (ntping) overflow (fwd)

    >>>>> Larry W Cashdollar writes:

    Larry> Sir, I am subscribed to the vuln-dev mailing list at
    Larry> securityfocus, a member has found a buffer overflow in
    Larry> ntping.c. I have dug deeper and written an exploit and made a
    Larry> recommendation for a fix. Please see below.

    I have fixed this problem in scotty 2.1.11 which I just released a few
    minutes ago.


    Juergen Schoenwaelder      Technical University Braunschweig
    <schoenwibr.cs.tu-bs.de>  Dept. Operating Systems & Computer Networks
    Phone: +49 531 391 3289    Bueltenweg 74/75, 38106 Braunschweig, Germany
    Fax:   +49 531 391 5936    <URL:http://www.ibr.cs.tu-bs.de/~schoenw/>