Skip site navigation (1)Skip section navigation (2)
Date:      4 Apr 2001 20:34:35 -0000
From:      venglin@freebsd.lublin.pl
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/26358: [SECURITY] ntpd(8) is vulnerable to remote buffer overflow
Message-ID:  <20010404203435.6899.qmail@riget.scene.pl>

next in thread | raw e-mail | index | archive | help

>Number:         26358
>Category:       bin
>Synopsis:       [SECURITY] ntpd(8) is vulnerable to remote buffer overflow
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 04 13:40:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Przemyslaw Frasunek
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
czuby.net
>Environment:

	ntpd shipped with FreeBSD 4.2-STABLE.

>Description:

	There is a remote exploitable buffer overflow, allowing to gain root
	privileges in all versions of ntpd (Network Time Protocol Daemon).
	Overflow occurs, when daemon builds response for malicious packet.

>How-To-Repeat:

	Proof of concept code: http://www.frasunek.com/sources/security/ntpdx.c

>Fix:

	Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010404203435.6899.qmail>