[20057] in bugtraq
Re: ntpd =< 4.0.99k remote buffer overflow
daemon@ATHENA.MIT.EDU (Stephen Clouse)
Fri Apr 6 14:03:10 2001
Mail-Followup-To: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>,
BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain
Content-Disposition: inline; filename="msg.pgp"
Message-ID: <20010405225645.A280@owns.warpcore.org>
Date: Thu, 5 Apr 2001 22:56:45 -0500
Reply-To: Stephen Clouse <stephenc@THEIQGROUP.COM>
From: Stephen Clouse <stephenc@THEIQGROUP.COM>
X-To: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010404222701.X91913@riget.scene.pl>; from
venglin@FREEBSD.LUBLIN.PL on Wed, Apr 04, 2001 at 10:27:01PM +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Having no effect on ntp-4.0.99k compiled from official source on Slackware
7.0. Exploit says /tmp/sh was spawned but it never actually runs (/bin/bash
mode didn't change).
- --
Stephen Clouse <stephenc@theiqgroup.com>
Senior Programmer, IQ Coordinator Project Lead
The IQ Group, Inc. <http://www.theiqgroup.com/>
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBOs0+fQOGqGs0PadnEQKscQCfYNJ7FaEtsTsszoMV808EtU4ICesAoLp3
WBFZUQZ0nrNyd/MwAG0178Qu
=YatU
-----END PGP SIGNATURE-----
