[ntp:questions] NTP internal server?

David L. Mills mills at udel.edu
Sat Oct 28 01:15:02 UTC 2006


Harlan,

Watch the from address; I may have fixed the problem.

I think you are referring to a CDRT advisory severak years ago that 
claimed a stack vulnerability. There was at that time a possible stack 
vulnerability, quickly corrected, but the CERT-supplied code was itself 
defective and could not work in any configuration. I also tried several 
machines; none were affected.

Dave

Harlan Stenn wrote:
>>>>In article <454202e7$0$323$e4fe514c at news.xs4all.nl>, "Maarten Wiltink" <maarten at kittensandcats.net> writes:
> 
> 
>>>As far as anyone here knows there are no "exploits" associated with NTP.
> 
> 
> Maarten> After a short look-around on SecurityFocus, I would like to exclude
> Maarten> myself from that 'anyone' group.
> 
> OK, I see nothing there that was not fixed several years ago.  And while I
> saw claims of a root exploit, I was unable to duplicate that expoit in my
> testing (I tried it a few times).
> 
> Do you see anything current, or even more recent?
> 
> H




More information about the questions mailing list