[ntp:hackers] re: [Fwd: [Full-disclosure] ntpd stack evasion 0day
exploit]
Steve Kostecke
kostecke at ntp.isc.org
Wed Jan 11 15:07:31 UTC 2006
Paul Vixie said:
>is this a real problem, in current ntpd?
According to the exploit code posted in another message this is
for version 4.0.99. The current stable version of ntpd is 4.2.0.
>if so, can someone notify CERT and get a fix prepared as well as a CERT
>advisory describing the hole+fix?
The fix is already documented at
http://www.kb.cert.org/vuls/id/JSHA-4VJFMF
>is this a fake problem, in which case, can someone answer it on FD?
>
>is this an old problem, in which case, can someone put an explaination
>on the WIKI (or whatever) and tell CERT the URL?
I'll post something at http://ntp.isc.org as soon as I put out some
other fires here.
--
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project http://ntp.isc.org/
Public Key at http://ntp.isc.org/Users/SteveKostecke
More information about the hackers
mailing list