From owner-freebsd-stable Sat Apr 7 1:19:59 2001 Delivered-To: freebsd-stable@freebsd.org Received: from femail12.sdc1.sfba.home.com (femail12.sdc1.sfba.home.com [24.0.95.108]) by hub.freebsd.org (Postfix) with ESMTP id 9752937B423 for ; Sat, 7 Apr 2001 01:19:55 -0700 (PDT) (envelope-from stephen@math.missouri.edu) Received: from math.missouri.edu ([24.12.197.197]) by femail12.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010407081955.WPCG3930.femail12.sdc1.sfba.home.com@math.missouri.edu>; Sat, 7 Apr 2001 01:19:55 -0700 Message-ID: <3ACECDA4.AC4B9BDD@math.missouri.edu> Date: Sat, 07 Apr 2001 03:19:48 -0500 From: Stephen Montgomery-Smith X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Kal Torak Cc: FreeBSD-stable Subject: Re: ntpd root exploit - advisory? References: <3ACEBDB0.DD6555C8@quake.com.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I speak with no knowledge, but my experience is that these advisories always come out a few weeks after the problem has been fixed. Kal Torak wrote: > > Just wondering why there has been no security advisory on the > announce list about the ntpd root exploit and buffer overflow > allowing for syslog DoS attack... > > I noticed that a few fixes have been committed to stable for > ntpd, but no advisory... Whats going on? Is it still not totally > fixed yet? > -- Stephen Montgomery-Smith stephen@math.missouri.edu http://www.math.missouri.edu/~stephen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message