[20089] in bugtraq
Re: ntpd =< 4.0.99k remote buffer overflow
daemon@ATHENA.MIT.EDU (Erik Fichtner)
Mon Apr 9 03:39:04 2001
Mail-Followup-To: Durval Menezes <durval@TMP.COM.BR>, BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010406223622.U1715@obfuscation.org>
Date: Fri, 6 Apr 2001 22:36:22 -0400
Reply-To: techs@obfuscation.org
From: Erik Fichtner <techs@obfuscation.org>
X-To: Durval Menezes <durval@TMP.COM.BR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010406083817.C17140@tmp.com.br>; from durval@TMP.COM.BR on
Fri, Apr 06, 2001 at 08:38:18AM -0300
On Fri, Apr 06, 2001 at 08:38:18AM -0300, Durval Menezes wrote:
> If it's really vulnerable, shouldn't it have at least dumped core?
Not necessarily. 4.0.99k on OpenBSD-2.8/i386 happily kept on chugging
when I poked it with this exploit (all three demo offset variants, btw),
and this is not any special magic "audited by OpenBSD" version of ntp or
anything like that. We know 4.0.99k is vulnerable, though.

--
Erik Fichtner; Unix Ronin
http://www.obfuscation.org/techs/
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw