[20091] in bugtraq
Re: ntpd =< 4.0.99k remote buffer overflow
daemon@ATHENA.MIT.EDU (Athanasius)
Mon Apr 9 03:47:56 2001
Mail-Followup-To: Athanasius <Athanasius@miggy.org>,
Charles Sprickman <spork@INCH.COM>, BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010406182915.A18289@miggy.org>
Date: Fri, 6 Apr 2001 18:29:15 +0100
Reply-To: Athanasius <Athanasius@MIGGY.ORG>
From: Athanasius <Athanasius@MIGGY.ORG>
X-To: Charles Sprickman <spork@INCH.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSF.4.30.0104052001020.21512-100000@shell.inch.com>; from
spork@INCH.COM on Thu, Apr 05, 2001 at 08:03:38PM -0400
On Thu, Apr 05, 2001 at 08:03:38PM -0400, Charles Sprickman wrote:
> On Wed, 4 Apr 2001, Przemyslaw Frasunek wrote:
>
> > /* ntpd remote root exploit / babcia padlina ltd. <venglin@freebsd.lublin.pl> */
>
> Just a quick note to save others a bit of legwork... If you are running
> ntpd on a machine simply as a client, the following line in /etc/ntp.conf
> should keep people away:
>
> restrict default ignore

If you want ntpq to be useable to check the local ntp daemon you'll
want to add something like:

restrict 127.0.0.1

This, of course, assumes you have some other filtering restricting
loopback addresses to the loopback interface only.

-Ath
--
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
Finger athan(at)fysh.org for PGP key
"And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
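
An audit of an ntp.conf against the layout discussed in this thread ("restrict default ignore" plus a loopback exception for ntpq), as an added example that is not part of the original message or of ntpd itself. The sample configuration, the server name and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample built around the two restrict lines from the thread.
SAMPLE_CONF = """\
server ntp.example.net            # hypothetical upstream server
restrict default ignore
restrict 127.0.0.1                # lets local ntpq query the daemon
restrict 192.0.2.10 mask 255.255.255.255 nomodify
"""

def parse_restrict(conf_text):
    """Return (address, mask, flags) for every 'restrict' line."""
    entries = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        tokens = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not tokens:
            continue
        address, rest, mask = tokens[0], tokens[1:], None
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        entries.append((address, mask, set(rest)))
    return entries

def is_loopback(address):
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False    # "default" or a hostname

def audit(conf_text):
    """List deviations from the default-ignore plus loopback layout."""
    entries = parse_restrict(conf_text)
    findings = []
    defaults = [flags for addr, _, flags in entries if addr == "default"]
    if not defaults:
        findings.append("no 'restrict default' line")
    elif not all("ignore" in flags for flags in defaults):
        findings.append("'restrict default' lacks 'ignore'")
    elif not any(is_loopback(a) and "ignore" not in f for a, _, f in entries):
        findings.append("default is ignore but no loopback exception for ntpq")
    for addr, _, flags in entries:
        if addr != "default" and not flags and not is_loopback(addr):
            findings.append(f"{addr}: no restriction flags on a non-loopback address")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "matches the layout from the thread")
```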