From owner-freebsd-security  Wed Apr  4 18:57: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cowpie.acm.vt.edu (cowpie.acm.vt.edu [128.173.42.253])
	by hub.freebsd.org (Postfix) with ESMTP id 8614A37B496
	for <freebsd-security@FreeBSD.ORG>; Wed,  4 Apr 2001 18:57:05 -0700 (PDT)
	(envelope-from dlacroix@cowpie.acm.vt.edu)
Received: (from dlacroix@localhost)
	by cowpie.acm.vt.edu (8.11.3/8.11.3) id f351uiq20419;
	Wed, 4 Apr 2001 21:56:44 -0400 (EDT)
	(envelope-from dlacroix)
From: David La Croix <dlacroix@cowpie.acm.vt.edu>
Message-Id: <200104050156.f351uiq20419@cowpie.acm.vt.edu>
Subject: Re: Fwd: ntpd =< 4.0.99k remote buffer overflow
To: fbsd-secure@ursine.com (Michael Bryan)
Date: Wed, 4 Apr 2001 20:56:44 -0500 (CDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <no.id> from "Michael Bryan" at Apr 04, 2001 04:46:43 PM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> 
> 
> Heads up.  This just came across BugTraq, will likely affect FreeBSD.
> As of 4.2-RELEASE, the ntpd that ships with FreeBSD is 4.0.99b.
> 
> 

Haven't seen anybody mention this yet....   (and I hate to admit to 
still using 3.x)    I have a production box which I haven't upgraded yet...

Is the version of xntpd in 3.x-STABLE (xntpdc version=3.4e) 
succeptable to this, or any other, known buffer overflows?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message