[20050] in bugtraq
Re: ntpd =< 4.0.99k remote buffer overflow
daemon@ATHENA.MIT.EDU (Charles Sprickman)
Fri Apr 6 04:25:33 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.BSF.4.30.0104051512090.21512-100000@shell.inch.com>
Date: Thu, 5 Apr 2001 15:12:58 -0400
Reply-To: Charles Sprickman <spork@INCH.COM>
From: Charles Sprickman <spork@INCH.COM>
X-To: Crist Clark <crist.clark@GLOBALSTAR.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3ACBCF0D.847AECA4@globalstar.com>
On Wed, 4 Apr 2001, Crist Clark wrote:
> Playing with 'restrict' statements in the ntp.conf will prevent the
> attacks (I tried, looks like it works), but with UDP NTP so trivial to
> spoof, that only will get you so far. But can I assume that properly
> using authorization keys will protect you from this attack (assuming
> whoever else has the keys is trusted) in a similar way? My guess is
> that it should, but I have not had the chance to double check the
> protocol or actually run the test on that one.
Has anyone verified that the access list prevents such things?
Thanks,
Charles
> But this really troubling when trying to use a public NTP server.
> --
> Crist J. Clark Network Security Engineer
> crist.clark@globalstar.com Globalstar, L.P.
> (408) 933-4387 FAX: (408) 933-4926
>
> The information contained in this e-mail message is confidential,
> intended only for the use of the individual or entity named above. If
> the reader of this e-mail is not the intended recipient, or the employee
> or agent responsible to deliver it to the intended recipient, you are
> hereby notified that any review, dissemination, distribution or copying
> of this communication is strictly prohibited. If you have received this
> e-mail in error, please contact postmaster@globalstar.com
>
