From owner-freebsd-security Wed Apr 4 17:19:58 2001 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id 8623C37B424 for ; Wed, 4 Apr 2001 17:19:53 -0700 (PDT) (envelope-from phk@critter.freebsd.dk) Received: from critter (localhost [127.0.0.1]) by critter.freebsd.dk (8.11.3/8.11.3) with ESMTP id f350Jgt52983; Thu, 5 Apr 2001 02:19:42 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Scott Johnson Cc: freebsd-security@FreeBSD.ORG Subject: Re: Fwd: ntpd =< 4.0.99k remote buffer overflow In-Reply-To: Your message of "Wed, 04 Apr 2001 19:16:26 CDT." <20010404191626.A6071@ns2.airlinksys.com> Date: Thu, 05 Apr 2001 02:19:41 +0200 Message-ID: <52981.986429981@critter> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <20010404191626.A6071@ns2.airlinksys.com>, Scott Johnson writes: >Quoth Poul-Henning Kamp on Thu, Apr 05, 2001 at 01:55:57AM +0200: >> >> This has already been fixed in FreeBSD current & stable an hour >> ago or so. >> >> Poul-Henning > >Is a patch coming for 4.2-RELEASE? Will we just have to install the port >over our system binaries, like we did with bind? In that case, it appears >that just setting PREFIX=/usr won't do to overwrite the system version, >since the port puts its binaries in ${PREFIX}/bin. The patch should apply to pretty much any version of (x)ntpd so please help yourself while I get some sleep. The patch is here: http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ntp/ntpd/ntp_control.c.diff?r1=1.1&r2=1.2 -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message