From owner-freebsd-security@FreeBSD.ORG  Thu May 21 15:27:15 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 58940106566C
	for <freebsd-security@freebsd.org>;
	Thu, 21 May 2009 15:27:15 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45])
	by mx1.freebsd.org (Postfix) with ESMTP id 101138FC19
	for <freebsd-security@freebsd.org>;
	Thu, 21 May 2009 15:27:14 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru;
	h=Received:Date:From:To:Subject:Message-ID:Reply-To:MIME-Version:Content-Type:Content-Disposition:Sender;
	b=UiK/htUbRM0E5/Z0s7XuD3UNeJ2dKvW5iZodSt9WSd0qhKOrYUP8SFQFM4k4EfKlbSeQxTaUwDjWjrdwmcnb+ef1V2yiIB+Ld6Zm+Z1CaRhQtfT03GadYbI1lMOLpZVfhMRifgJrwn+MJ0Ad73QV01s9okeFgdCpBVLK7zGS1cw=;
Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25])
	by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256)
	id 1M7AAr-0009oq-KI for freebsd-security@freebsd.org;
	Thu, 21 May 2009 19:27:13 +0400
Date: Thu, 21 May 2009 19:27:11 +0400
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: freebsd-security@freebsd.org
Message-ID: <tmfwPAag8pMO4zFLE80eKSEjeow@rIpAUh3gU5Np7mYgWV8VHlWG/Uo>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: rea-fbsd@codelabs.ru
Subject: FYI: ntpd, CVE-2009-1252, remote code execution with enabled
	Autokey authentication
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: rea-fbsd@codelabs.ru
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2009 15:27:15 -0000

For those who are running Autokey with stock NTPD:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
  http://www.freebsd.org/cgi/query-pr.cgi?pr=134787

For users of net/ntp:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134755
  http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134756
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #