[ntp:security] (FWD) Linux NTP query v4.2.6p1 local buffer overflow vulnerability

Steve Kostecke steve at kostecke.net
Mon Mar 14 01:49:20 UTC 2011


------- Forwarded Message

Return-Path: bugs-bounces+security=ntp.org at lists.ntp.org
Delivery-Date: Sat Mar 12 09:58:12 2011
Return-path: <bugs-bounces+security=ntp.org at lists.ntp.org>
Envelope-to: steve at kostecke.net
Delivery-date: Sat, 12 Mar 2011 09:58:12 -0500
Received: from lists.ntp.org ([2001:4f8:fff7:1::7])
	by stasis.kostecke.net with esmtp (Exim 4.69)
	(envelope-from <bugs-bounces+security=ntp.org at lists.ntp.org>)
	id 1PyQGi-0000oQ-Er
	for steve at kostecke.net; Sat, 12 Mar 2011 09:58:12 -0500
Received: by lists.ntp.org (Postfix)
	id 16D8186D761; Sat, 12 Mar 2011 14:58:07 +0000 (UTC)
Delivered-To: security at lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5])
	by lists.ntp.org (Postfix) with ESMTP id 14BBA86D41E
	for <security at lists.ntp.org>; Sat, 12 Mar 2011 14:58:06 +0000 (UTC)
Received: from lists.ntp.org ([2001:4f8:fff7:1::7])
	by mail1.ntp.org with esmtp (Exim 4.72 (FreeBSD))
	(envelope-from <bugs-bounces+security=ntp.org at lists.ntp.org>)
	id 1PyQGR-000BhH-Di
	for security at ntp.org; Sat, 12 Mar 2011 14:58:06 +0000
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7])
	by lists.ntp.org (Postfix) with ESMTP id 607AA86D4F0
	for <security at ntp.org>; Sat, 12 Mar 2011 14:57:55 +0000 (UTC)
From: bugs-bounces at lists.ntp.org
To: security at ntp.org
MIME-Version: 1.0
Content-Type: message/rfc822
Message-ID: <mailman.1.1299941874.44505.bugs at lists.ntp.org>
Date: Sat, 12 Mar 2011 14:57:54 +0000
Precedence: bulk
X-BeenThere: bugs at lists.ntp.org
X-Mailman-Version: 2.1.12
List-Id: Bug and patch reports for the NTP software <bugs.lists.ntp.org>
X-List-Administrivia: yes
Sender: bugs-bounces+security=ntp.org at lists.ntp.org
Errors-To: bugs-bounces+security=ntp.org at lists.ntp.org
X-SA-Exim-Connect-IP: 2001:4f8:fff7:1::7
X-SA-Exim-Rcpt-To: security at ntp.org
X-SA-Exim-Mail-From: bugs-bounces+security=ntp.org at lists.ntp.org
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on mail1.ntp.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.0
Subject: Forward of moderated message
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Reply-To:  bugs at lists.ntp.org

Return-Path: <steventhomasseeley at gmail.com>
X-Original-To: bugs at lists.ntp.org
Delivered-To: bugs at lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5])
	by lists.ntp.org (Postfix) with ESMTP id 4C64B86D4F1
	for <bugs at lists.ntp.org>; Fri, 11 Mar 2011 10:20:35 +0000 (UTC)
Received: from mail-qw0-f50.google.com ([209.85.216.50])
	by mail1.ntp.org with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.72 (FreeBSD)) (envelope-from <steventhomasseeley at gmail.com>)
	id 1PxzSK-0005jS-4n for bugs at ntp.org; Fri, 11 Mar 2011 10:20:35 +0000
Received: by qwk3 with SMTP id 3so2553087qwk.23
	for <bugs at ntp.org>; Fri, 11 Mar 2011 02:20:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:date:message-id:subject:from:to
	:content-type; bh=FCONWc/1g7DtXLNlmGT+ggjAxsiQY55jp+gF7wz6kYA=;
	b=Bp34/2pA+kKUgy9tS26zRxyxbjfdtI33WQsEMKo72s8idzhVz1gNNt2m6IxAN/DQGw
	XjcAxlru+kYRnRcuywN7pwPvKZEF445cwbqa89/Gd213iIPNWraIjiXlZCC6L51A34dS
	qV2Spd8SGxau7UYRm6NS4UpAmOzkOBCuqSjv0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type;
	b=ihA52lRLn3qj9oUXWDi4MvUjhMX8/ZZf+Y7De97Q1b23fAQauNWJsk7icuGct48Z2B
	HSYdBHHzUkUxx8eDPXi+nMlodgGGrUupjhk+tIA7Hf6lD/al3/uWPd+4eNbWXMoXp/Nz
	E+GugPDVIunD7W37g4pRdXPf3/y/RChq+j4G8=
MIME-Version: 1.0
Received: by 10.224.11.138 with SMTP id t10mr6961420qat.7.1299838816941; Fri,
	11 Mar 2011 02:20:16 -0800 (PST)
Received: by 10.224.80.197 with HTTP; Fri, 11 Mar 2011 02:20:16 -0800 (PST)
Date: Fri, 11 Mar 2011 21:20:16 +1100
Message-ID: <AANLkTin-DvBrHCoFRuW7SBbZ3=bszYSKJs-=mUct+Wcb at mail.gmail.com>
From: steven seeley <steventhomasseeley at gmail.com>
To: bugs at ntp.org
Content-Type: multipart/mixed; boundary=0015175cb1f8f2f6c3049e324e76
X-SA-Exim-Connect-IP: 209.85.216.50
X-SA-Exim-Rcpt-To: bugs at ntp.org
X-SA-Exim-Mail-From: steventhomasseeley at gmail.com
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on mail1.ntp.org
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
	autolearn=ham version=3.3.0
Subject: Linux NTP query v4.2.6p1 local buffer overflow vulnerability
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)

- --0015175cb1f8f2f6c3049e324e76
Content-Type: multipart/alternative; boundary=0015175cb1f8f2f6b3049e324e74

- --0015175cb1f8f2f6b3049e324e74
Content-Type: text/plain; charset=ISO-8859-1

Hello guys,

I think I found a bug in your software. If you need more details please dont
hesitate to contact me back. Please see attached document detailing the
issue.

Kind regards,

Steven Seeley

- --0015175cb1f8f2f6b3049e324e74
Content-Type: text/html; charset=ISO-8859-1

Hello guys,<br><br>I think I found a bug in your software. If you need more details please dont hesitate to contact me back. Please see attached document detailing the issue.<br><br>Kind regards,<br><br>Steven Seeley<br>

- --0015175cb1f8f2f6b3049e324e74--
- --0015175cb1f8f2f6c3049e324e76
Content-Type: text/plain; charset=US-ASCII; name="crashreport.txt"
Content-Disposition: attachment; filename="crashreport.txt"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_gl4ykspy0

TGludXggTlRQIHF1ZXJ5IHY0LjIuNnAxIGxvY2FsIGJ1ZmZlciBvdmVyZmxvdyB2dWxuZXJhYmls
aXR5Cn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+
fn5+fn5+fgp2ZW5kb3I6IGh0dHA6Ly93d3cubnRwLm9yZy8Kc29mdHdhcmU6IGh0dHA6Ly93d3cu
ZWVjaXMudWRlbC5lZHUvfm50cC9udHBfc3Bvb2wvbnRwNC9udHAtNC4yL250cC00LjIuNnAxLnRh
ci5negppbXBhY3Q6IG1pbm9yL2luZm9ybWF0aW9uYWwKClRoZXJlIGlzIGEgbG9jYWwgYnVmZmVy
IG92ZXJmbG93IGluIHRoZSBudHBxIGNsaWVudCB0aGF0IGNvbWVzIHBhY2thZ2VkIHdpdGggbnRw
LiAKTm90ZTogVGhlIGJpbmFyeSBpcyBOT1Qgc3VpZC9ndWlkIGVuYWJsZWQgYW5kIGlzIG5vdCBj
b21waWxlZCB3aXRoIGd1YXJkIHN0YWNrLiBOb25ldGhlbGVzcywKdGhpcyBidWcgcHJvdmlkZXMg
c29tZSBmdW4vaW50ZXJlc3RpbmcgYW5hbHlzaXMuCgptcl9tZUBwbHV0byB+XSQgeXVtIGxpc3Qg
aW5zdGFsbGVkIHwgZ3JlcCBudHAKZm9udHBhY2thZ2VzLWZpbGVzeXN0ZW0ubm9hcmNoICAgMS40
NC0xLmZjMTMgICAgICAgICAgICAgQHVwZGF0ZXMgICAgICAgICAgICAgICAKbnRwLmk2ODYgICAg
ICAgICAgICAgICAgICAgICAgICAgNC4yLjZwMS0yLmZjMTMgICAgICAgICAgQHVwZGF0ZXMgICAg
ICAgICAgICAgICAKbnRwZGF0ZS5pNjg2ICAgICAgICAgICAgICAgICAgICAgNC4yLjZwMS0yLmZj
MTMgICAgICAgICAgQHVwZGF0ZXMgICAgICAgICAgICAgICAKClttcl9tZUBwbHV0byB+XSQgL3Vz
ci9zYmluL250cHEgLS12ZXJzaW9uCm50cHEgLSBzdGFuZGFyZCBOVFAgcXVlcnkgcHJvZ3JhbSAt
IFZlci4gNC4yLjZwMQoKW21yX21lQHBsdXRvIH5dJCBnZGIgL3Vzci9zYmluL250cHEgCkdOVSBn
ZGIgKEdEQikgRmVkb3JhICg3LjEtMzQuZmMxMykKQ29weXJpZ2h0IChDKSAyMDEwIEZyZWUgU29m
dHdhcmUgRm91bmRhdGlvbiwgSW5jLgpMaWNlbnNlIEdQTHYzKzogR05VIEdQTCB2ZXJzaW9uIDMg
b3IgbGF0ZXIgPGh0dHA6Ly9nbnUub3JnL2xpY2Vuc2VzL2dwbC5odG1sPgpUaGlzIGlzIGZyZWUg
c29mdHdhcmU6IHlvdSBhcmUgZnJlZSB0byBjaGFuZ2UgYW5kIHJlZGlzdHJpYnV0ZSBpdC4KVGhl
cmUgaXMgTk8gV0FSUkFOVFksIHRvIHRoZSBleHRlbnQgcGVybWl0dGVkIGJ5IGxhdy4gIFR5cGUg
InNob3cgY29weWluZyIKYW5kICJzaG93IHdhcnJhbnR5IiBmb3IgZGV0YWlscy4KVGhpcyBHREIg
d2FzIGNvbmZpZ3VyZWQgYXMgImk2ODYtcmVkaGF0LWxpbnV4LWdudSIuCkZvciBidWcgcmVwb3J0
aW5nIGluc3RydWN0aW9ucywgcGxlYXNlIHNlZToKPGh0dHA6Ly93d3cuZ251Lm9yZy9zb2Z0d2Fy
ZS9nZGIvYnVncy8+Li4uClJlYWRpbmcgc3ltYm9scyBmcm9tIC91c3Ivc2Jpbi9udHBxLi4uKG5v
IGRlYnVnZ2luZyBzeW1ib2xzIGZvdW5kKS4uLmRvbmUuCk1pc3Npbmcgc2VwYXJhdGUgZGVidWdp
bmZvcywgdXNlOiBkZWJ1Z2luZm8taW5zdGFsbCBudHAtNC4yLjZwMS0yLmZjMTMuaTY4NgooZ2Ri
KSByClN0YXJ0aW5nIHByb2dyYW06IC91c3Ivc2Jpbi9udHBxIApbVGhyZWFkIGRlYnVnZ2luZyB1
c2luZyBsaWJ0aHJlYWRfZGIgZW5hYmxlZF0KbnRwcT4gQUFBQSB7MHg0YWN9IEFBQUFCQkJCQUFB
QUNDQ0NBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQS4uCioqKkNvbW1hbmQgYEFBQUEgezB4NGFjfSBBQUFBQkJCQkFB
QUFDQ0NDQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUEuLiAndW5rbm93bgoKUHJvZ3JhbSByZWNlaXZlZCBzaWduYWwg
U0lHU0VHViwgU2VnbWVudGF0aW9uIGZhdWx0LgoweGI3ZmFiNjBkIGluIGVsX2dldHMgKCkgZnJv
bSAvdXNyL2xpYi9saWJlZGl0LnNvLjAKKGdkYikgaSByCmVheCAgICAgICAgICAgIDB4YmZmZmYz
MmMJLTEwNzM3NDUxMDgKZWN4ICAgICAgICAgICAgMHgwCTAKZWR4ICAgICAgICAgICAgMHg0MjQy
NDI0MgkxMTExNjM4NTk0CTwgLS0tLSBmdWxsIGNvbnRyb2wKZWJ4ICAgICAgICAgICAgMHhiN2Zj
NWFjMAktMTIwODE5ODQ2NAplc3AgICAgICAgICAgICAweGJmZmZmMjYwCTB4YmZmZmYyNjAKZWJw
ICAgICAgICAgICAgMHhiZmZmZjJjOAkweGJmZmZmMmM4CmVzaSAgICAgICAgICAgIDB4NDM0MzQz
NDMJMTEyODQ4MTYwMwk8IC0tLS0gZnVsbCBjb250cm9sCmVkaSAgICAgICAgICAgIDB4YmZmZmYz
MmMJLTEwNzM3NDUxMDgKZWlwICAgICAgICAgICAgMHhiN2ZhYjYwZAkweGI3ZmFiNjBkIDxlbF9n
ZXRzKzQ1PgplZmxhZ3MgICAgICAgICAweDEwMjgyCVsgU0YgSUYgUkYgXQpjcyAgICAgICAgICAg
ICAweDczCTExNQpzcyAgICAgICAgICAgICAweDdiCTEyMwpkcyAgICAgICAgICAgICAweDdiCTEy
MwplcyAgICAgICAgICAgICAweDdiCTEyMwpmcyAgICAgICAgICAgICAweDAJMApncyAgICAgICAg
ICAgICAweDMzCTUxCihnZGIpIGJ0CiMwICAweGI3ZmFiNjBkIGluIGVsX2dldHMgKCkgZnJvbSAv
dXNyL2xpYi9saWJlZGl0LnNvLjAKIzEgIDB4MDAxMmM3YjAgaW4gPz8gKCkKIzIgIDB4MDAxMTk2
YTMgaW4gPz8gKCkKIzMgIDB4MDAxMTk3OGMgaW4gbWFpbiAoKQooZ2RiKSBkaXNhcyAweGI3ZmFi
NjBkCkR1bXAgb2YgYXNzZW1ibGVyIGNvZGUgZm9yIGZ1bmN0aW9uIGVsX2dldHM6CiAgIDB4Yjdm
YWI1ZTAgPCswPjoJcHVzaCAgICVlYnAKICAgMHhiN2ZhYjVlMSA8KzE+Ogltb3YgICAgJWVzcCwl
ZWJwCiAgIDB4YjdmYWI1ZTMgPCszPjoJcHVzaCAgICVlZGkKICAgMHhiN2ZhYjVlNCA8KzQ+Oglw
dXNoICAgJWVzaQogICAweGI3ZmFiNWU1IDwrNT46CWxlYSAgICAtMHgyMCglZWJwKSwlZWF4CiAg
IDB4YjdmYWI1ZTggPCs4PjoJcHVzaCAgICVlYngKICAgMHhiN2ZhYjVlOSA8Kzk+OgljYWxsICAg
MHhiN2ZhNTQ2OQogICAweGI3ZmFiNWVlIDwrMTQ+OglhZGQgICAgJDB4MWE0ZDIsJWVieAogICAw
eGI3ZmFiNWY0IDwrMjA+OglsZWEgICAgLTB4NWMoJWVzcCksJWVzcAogICAweGI3ZmFiNWY4IDwr
MjQ+Ogltb3YgICAgMHhjKCVlYnApLCVlZGkKICAgMHhiN2ZhYjVmYiA8KzI3PjoJdGVzdCAgICVl
ZGksJWVkaQogICAweGI3ZmFiNWZkIDwrMjk+Ogltb3YgICAgMHg4KCVlYnApLCVlc2kKICAgMHhi
N2ZhYjYwMCA8KzMyPjoJY21vdm5lIDB4YyglZWJwKSwlZWF4CiAgIDB4YjdmYWI2MDQgPCszNj46
CW1vdiAgICAlZWF4LDB4YyglZWJwKQogICAweGI3ZmFiNjA3IDwrMzk+Ogltb3ZsICAgJDB4MCwo
JWVheCkKPT4gMHhiN2ZhYjYwZCA8KzQ1PjoJbW92ICAgIDB4MTQoJWVzaSksJWVheAogICAweGI3
ZmFiNjEwIDwrNDg+Ogl0ZXN0ICAgJDB4MiwlYWwKICAgMHhiN2ZhYjYxMiA8KzUwPjoJamUgICAg
IDB4YjdmYWI2YjAgPGVsX2dldHMrMjA4PgogICAweGI3ZmFiNjE4IDwrNTY+Ogltb3YgICAgMHgz
MCglZXNpKSwlZWRpCiAgIDB4YjdmYWI2MWIgPCs1OT46CW1vdiAgICAlZWRpLDB4NCglZXNwKQog
ICAweGI3ZmFiNjFmIDwrNjM+Ogltb3YgICAgJWVzaSwoJWVzcCkKICAgMHhiN2ZhYjYyMiA8KzY2
PjoJY2FsbCAgICoweDMyNCglZXNpKQogICAweGI3ZmFiNjI4IDwrNzI+OgljbXAgICAgJDB4MSwl
ZWF4CiAgIDB4YjdmYWI2MmIgPCs3NT46CW1vdiAgICAlZWF4LCVlY3gKICAgMHhiN2ZhYjYyZCA8
Kzc3PjoJam5lICAgIDB4YjdmYWJhNTAgPGVsX2dldHMrMTEzNj4KICAgMHhiN2ZhYjYzMyA8Kzgz
PjoJbGVhICAgIDB4MSglZWRpKSwlZWR4CiAgIDB4YjdmYWI2MzYgPCs4Nj46CWNtcCAgICAweDNj
KCVlc2kpLCVlZHgKICAgMHhiN2ZhYjYzOSA8Kzg5PjoJamFlICAgIDB4YjdmYWI2ODAgPGVsX2dl
dHMrMTYwPgogICAweGI3ZmFiNjNiIDwrOTE+Ogltb3YgICAgJWVkaSwlZWF4CiAgIDB4YjdmYWI2
M2QgPCs5Mz46CW1vdiAgICAlZWR4LCVlZGkKICAgMHhiN2ZhYjYzZiA8Kzk1PjoJdGVzdGIgICQw
eDgsMHgxNCglZXNpKQogICAweGI3ZmFiNjQzIDwrOTk+OglqbmUgICAgMHhiN2ZhYjY1MCA8ZWxf
Z2V0cysxMTI+CiAgIDB4YjdmYWI2NDUgPCsxMDE+Ogltb3Z6YmwgKCVlYXgpLCVlYXgKICAgMHhi
N2ZhYjY0OCA8KzEwND46CWNtcCAgICAkMHhhLCVhbAogICAweGI3ZmFiNjRhIDwrMTA2PjoJamUg
ICAgIDB4YjdmYWI2NTAgPGVsX2dldHMrMTEyPgogICAweGI3ZmFiNjRjIDwrMTA4PjoJY21wICAg
ICQweGQsJWFsCi0tLVR5cGUgPHJldHVybj4gdG8gY29udGludWUsIG9yIHEgPHJldHVybj4gdG8g
cXVpdC0tLQoKSSB0aGluayB0aGUgb3ZlcmZsb3cgaXMgc29tZXdoZXJlIGhlcmUgaW4gdGhlIHNy
YyBjb2RlIChsaW5lIDE0MzYpIG50cHEvbnRwcS5jOmdldGNtZHMoKQoKZ2V0Y21kcyh2b2lkKQp7
CgljaGFyICoJbGluZTsKCWludAljb3VudDsKCgludHBfcmVhZGxpbmVfaW5pdChpbnRlcmFjdGl2
ZSA/IHByb21wdCA6IE5VTEwpOwoKCWZvciAoOzspIHsKCQlsaW5lID0gbnRwX3JlYWRsaW5lKCZj
b3VudCk7CgkJaWYgKE5VTEwgPT0gbGluZSkKCQkJYnJlYWs7CgkJZG9jbWQobGluZSk7CgkJZnJl
ZShsaW5lKTsKCX0KCgludHBfcmVhZGxpbmVfdW5pbml0KCk7Cn0KClRoZSBjb2RlIGFjY2VzcyB2
aW9sYXRlcyBhdCAnbW92IGVheCwgZHdvcmQgcHRyIFslZXNpKzIwXScuIEEgdGhpcyBwb2ludCwg
dGhlIEVBWCByZWdpc3RlciBjYW4gYmUgY29udHJvbGxlZApieSBzZXR0aW5nIGEgdmFsaWQgcncg
bWVtb3J5IGFkZHJlc3MgaW50byBFU0kuIFRoaXMgd2lsbCB0cmlnZ2VyIGEgZGVmZXJlbmNlIEAg
MHhiN2ZhYjYwZCB0byBFQVggYW5kIHRoZSB2YWx1ZSAKb2YgRVNJKzIwIHdpbGwgd3JpdHRlbi4g
VGhlIG9mZnNldCB0byBjb250cm9sbGluZyBFRFggaXMgMTIwNCBieXRlcyBhbmQgdGhlIG9mZnNl
dCB0byBFU0kgaXMgMTIxMiBieXRlcy4KCkluIHN1bW1hcnksIGl0IGlzIGxpa2xleSB0aGF0IHRo
ZSBleGVjdXRpb24gZmxvdyBjYW4gYmUgcmVkaXJlY3RlZCB0byB0aGUgZGVzaXJlZCBzaGVsbGNv
ZGUuCgp+IG1yX21lCg==
- --0015175cb1f8f2f6c3049e324e76--

------- End of Forwarded Message



More information about the security mailing list