[ntp:questions] NTP internal server?
David L. Mills
mills at udel.edu
Sat Oct 28 01:15:02 UTC 2006
Watch the from address; I may have fixed the problem.
I think you are referring to a CDRT advisory severak years ago that
claimed a stack vulnerability. There was at that time a possible stack
vulnerability, quickly corrected, but the CERT-supplied code was itself
defective and could not work in any configuration. I also tried several
machines; none were affected.
Harlan Stenn wrote:
>>>>In article <454202e7$0$323$e4fe514c at news.xs4all.nl>, "Maarten Wiltink" <maarten at kittensandcats.net> writes:
>>>As far as anyone here knows there are no "exploits" associated with NTP.
> Maarten> After a short look-around on SecurityFocus, I would like to exclude
> Maarten> myself from that 'anyone' group.
> OK, I see nothing there that was not fixed several years ago. And while I
> saw claims of a root exploit, I was unable to duplicate that expoit in my
> testing (I tried it a few times).
> Do you see anything current, or even more recent?
More information about the questions