[ntp:hackers] re: [Fwd: [Full-disclosure] ntpd stack evasion 0day exploit]

Danny Mayer mayer at ntp.isc.org
Wed Jan 11 04:22:33 UTC 2006


Paul Vixie wrote:
> i'm not on FD but i've got friends who are.  
> 
> is this a real problem, in current ntpd?  if so, can someone notify CERT
> and get a fix prepared as well as a CERT advisory describing the hole+fix?
> 
> is this a fake problem, in which case, can someone answer it on FD?
> 
> is this an old problem, in which case, can someone put an explaination on
> the WIKI (or whatever) and tell CERT the URL?
> 
> to the extent that ISC is seen helping NTP, you're bound by our reputation,
> which is that we jump all over security issues and cooperate fully with CERT
> and similar bodies and fully disclose everything possible as soon as possible.
> 
> re:
Paul,

See the following CERT article:
http://www.kb.cert.org/vuls/id/JSHA-4VJFMF

Danny


More information about the hackers mailing list