[20160] in bugtraq
Re: ntp-4.99k23.tar.gz is available
daemon@ATHENA.MIT.EDU (Dick St.Peters)
Wed Apr 11 15:28:49 2001
Message-ID: <15060.31860.735648.792307@saint.heaven.net>
Date: Wed, 11 Apr 2001 11:47:00 -0400
Reply-To: "Dick St.Peters" <stpeters@NETHEAVEN.COM>
From: "Dick St.Peters" <stpeters@NETHEAVEN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3AD35654.21D61A37@globalstar.com>
> > Has anyone tested the exploit against embedded ntp implementations
> > such as in Cisco router, for example, to see
> > if the daemon would misbehave, etc.?
>
> Cisco has said they are aware of the advisories and investigating the
> issue. That's all I know. I do not have a convenient sacrificial Cisco
> box at the moment... but I probabaly should go set one up for this
> and other games.
I tried the exploit against a cisco 2614/IOS 10.3 and a cisco 3640/IOS
12.0 when the exploit first came out, and there was no evidence of any
effect.
Since April 7 I've been running ntpd/4.99k23 on an assortment of Linux
systems and on a pair of antique Sparc 2's running SunOS 4.1.3. All
seem happy, are keeping good time, and are unaffected by the exploit.
--
Dick St.Peters, stpeters@NetHeaven.com
