[ntp:questions] NTP internal server?

David L. Mills mills at udel.edu
Sat Oct 28 01:15:02 UTC 2006


Watch the from address; I may have fixed the problem.

I think you are referring to a CDRT advisory severak years ago that 
claimed a stack vulnerability. There was at that time a possible stack 
vulnerability, quickly corrected, but the CERT-supplied code was itself 
defective and could not work in any configuration. I also tried several 
machines; none were affected.


Harlan Stenn wrote:
>>>>In article <454202e7$0$323$e4fe514c at news.xs4all.nl>, "Maarten Wiltink" <maarten at kittensandcats.net> writes:
>>>As far as anyone here knows there are no "exploits" associated with NTP.
> Maarten> After a short look-around on SecurityFocus, I would like to exclude
> Maarten> myself from that 'anyone' group.
> OK, I see nothing there that was not fixed several years ago.  And while I
> saw claims of a root exploit, I was unable to duplicate that expoit in my
> testing (I tried it a few times).
> Do you see anything current, or even more recent?
> H

More information about the questions mailing list