[20166] in bugtraq
Re: ntp-4.99k23.tar.gz is available
daemon@ATHENA.MIT.EDU (Fyodor)
Wed Apr 11 18:30:14 2001
Mail-Followup-To: stanislav shalunov <shalunov@INTERNET2.EDU>,
BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010411184348.K413@tigerteam.net>
Date: Wed, 11 Apr 2001 18:43:48 +0700
Reply-To: Fyodor <fygrave@TIGERTEAM.NET>
From: Fyodor <fygrave@TIGERTEAM.NET>
X-To: stanislav shalunov <shalunov@INTERNET2.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <87bsq469h3.fsf@cain.internet2.edu>; from shalunov@INTERNET2.EDU
on Tue, Apr 10, 2001 at 11:49:28AM -0400

On Tue, Apr 10, 2001 at 11:49:28AM -0400, stanislav shalunov wrote:
> Chiaki Ishikawa <Chiaki.Ishikawa@PERSONAL-MEDIA.CO.JP> writes:
>
> > Has anyone tested the exploit against embedded ntp implementations
> > such as in Cisco router, for example, to see if the daemon would
> > misbehave, etc.?
>
> I couldn't do anything to the NTP implementation of a Cisco router
> here with the stock "ntpdx" exploit as it was posted. (It doesn't
> crash, it doesn't exhibit the same heap corruption as xntpd v3.)
>
Cisco IOS (at least 11.x series) _IS_ vulnerable (tested, confirmed). Earlier
versions are presumably vulnerable too. Haven't tested IOS 12.x but it may have
the same bug inherited as well (unless Cisco folks found the problem and fixed
it silently).
Hope it helps...
-Fyodor
--
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1