[20040] in bugtraq
Re: ntpd =< 4.0.99k remote buffer overflow
daemon@ATHENA.MIT.EDU (Ogle Ron (Rennes))
Thu Apr 5 21:51:48 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <05B4910E0216D411B14F00508B6A67A901213F7E@RENEXCH5.rennes.thmulti.com>
Date: Thu, 5 Apr 2001 11:38:47 +0200
Reply-To: "Ogle Ron (Rennes)" <OgleR@THMULTI.COM>
From: "Ogle Ron (Rennes)" <OgleR@THMULTI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
There is only a patch for the NTP software from
http://phk.freebsd.dk/patch/ntpd.patch. We are going to wait for a full
released and tested version of NTP to be released from http://www.ntp.org/.
Until that time, we are blocking NTP access from the Internet (for those of
us who use Internet stratum 1 servers) for the NTP protocol. This should be
a very low risk situation because or internal, stratum 2, server will keep
time close enough to "real" time for at least the next several days.
I suggest that other people in the same situation do the same until a proper
fix is made.
My .02
Ron Ogle
-----Original Message-----
From: Przemyslaw Frasunek [mailto:venglin@FREEBSD.LUBLIN.PL]
Sent: Wednesday, April 04, 2001 10:27 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: ntpd =< 4.0.99k remote buffer overflow
/* ntpd remote root exploit / babcia padlina ltd.
<venglin@freebsd.lublin.pl> */
