[ntp:hackers] re: [Fwd: [Full-disclosure] ntpd stack evasion 0day exploit]

Paul Vixie paul at vix.com
Tue Jan 10 22:09:56 UTC 2006


i'm not on FD but i've got friends who are.  

is this a real problem, in current ntpd?  if so, can someone notify CERT
and get a fix prepared as well as a CERT advisory describing the hole+fix?

is this a fake problem, in which case, can someone answer it on FD?

is this an old problem, in which case, can someone put an explaination on
the WIKI (or whatever) and tell CERT the URL?

to the extent that ISC is seen helping NTP, you're bound by our reputation,
which is that we jump all over security issues and cooperate fully with CERT
and similar bodies and fully disclose everything possible as soon as possible.

re:



More information about the hackers mailing list