[20044] in bugtraq

Re: ntpd =< 4.0.99k remote buffer overflow

daemon@ATHENA.MIT.EDU (Charles Sprickman)
Thu Apr 5 23:42:38 2001

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.BSF.4.30.0104052001020.21512-100000@shell.inch.com>
Date:         Thu, 5 Apr 2001 20:03:38 -0400
Reply-To: Charles Sprickman <spork@INCH.COM>
From: Charles Sprickman <spork@INCH.COM>
X-To:         Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20010404222701.X91913@riget.scene.pl>

On Wed, 4 Apr 2001, Przemyslaw Frasunek wrote:

> /* ntpd remote root exploit / babcia padlina ltd. <venglin@freebsd.lublin.pl> */

Just a quick note to save others a bit of legwork...  If you are running
ntpd on a machine simply as a client, the following line in /etc/ntp.conf
should keep people away:

restrict default ignore

Before adding this (I actually had the wrong syntax), the exploit crashed
ntpd.  Afterwards, not a blip, and ntpdate shows that ntpd is not
answering anything...

Charles
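
Added example (not part of the original post, and not code from the ntpd distribution): a small Python audit for the client-only setup described above. It checks that `restrict default ignore` is present and, because that default also drops replies from the host's own time sources, that every `server`/`peer` address has a matching `restrict` exception. The sample config and its addresses are constructed; the function names are hypothetical.

```python
import ipaddress

# Constructed sample ntp.conf for a client-only host (RFC 5737 documentation addresses).
SAMPLE_CONF = """\
server 192.0.2.10
server 198.51.100.7 iburst
restrict default ignore            # the line from the post
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap noquery
"""

def parse(conf):
    """Return (servers, rules); rules is a list of (address, mask or None, flags)."""
    servers, rules = [], []
    for raw in conf.splitlines():
        # Drop comments and the -4/-6 address-family qualifiers of later ntpd versions.
        tok = [t for t in raw.split("#", 1)[0].split() if t not in ("-4", "-6")]
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "peer"):
            servers.append(tok[1])
        elif tok[0] == "restrict":
            mask, flags = None, tok[2:]
            if flags[:1] == ["mask"] and len(flags) >= 2:
                mask, flags = flags[1], flags[2:]
            rules.append((tok[1], mask, set(flags)))
    return servers, rules

def covers(addr, mask, host):
    """True if the restrict entry addr/mask matches host (exact match for names)."""
    try:
        net = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
        return ipaddress.ip_address(host) in net
    except ValueError:
        return addr == host

def audit(conf):
    """List findings for a client-only ntp.conf; an empty list means no findings."""
    servers, rules = parse(conf)
    default = [f for a, _, f in rules if a == "default"]
    if not any("ignore" in f for f in default):
        return ["no 'restrict default ignore': ntpd processes packets from any host"]
    findings = []
    for s in servers:
        allowed = any(a != "default" and "ignore" not in f and covers(a, m, s)
                      for a, m, f in rules)
        if not allowed:
            findings.append(f"{s}: no restrict exception, its replies are ignored too")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONF):
        print(line)
```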
