From owner-freebsd-bugs Wed Apr 4 13:40: 7 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 22F3D37B720 for ; Wed, 4 Apr 2001 13:40:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f34Ke1w51352; Wed, 4 Apr 2001 13:40:01 -0700 (PDT) (envelope-from gnats) Received: from yeti.ismedia.pl (yeti.ismedia.pl [212.182.96.18]) by hub.freebsd.org (Postfix) with SMTP id B568737B71A for ; Wed, 4 Apr 2001 13:34:50 -0700 (PDT) (envelope-from venglin@freebsd.lublin.pl) Received: (qmail 25571 invoked from network); 4 Apr 2001 20:34:42 -0000 Received: from unknown (HELO lagoon.freebsd.lublin.pl) (212.182.115.11) by 0 with SMTP; 4 Apr 2001 20:34:42 -0000 Received: (qmail 6904 invoked from network); 4 Apr 2001 20:34:35 -0000 Received: from unknown (HELO riget.scene.pl) () by 0 with SMTP; 4 Apr 2001 20:34:35 -0000 Received: (qmail 6900 invoked by uid 1001); 4 Apr 2001 20:34:35 -0000 Message-Id: <20010404203435.6899.qmail@riget.scene.pl> Date: 4 Apr 2001 20:34:35 -0000 From: venglin@freebsd.lublin.pl Reply-To: venglin@freebsd.lublin.pl To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/26358: [SECURITY] ntpd(8) is vulnerable to remote buffer overflow Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 26358 >Category: bin >Synopsis: [SECURITY] ntpd(8) is vulnerable to remote buffer overflow >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Apr 04 13:40:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Przemyslaw Frasunek >Release: FreeBSD 4.2-STABLE i386 >Organization: czuby.net >Environment: ntpd shipped with FreeBSD 4.2-STABLE. >Description: There is a remote exploitable buffer overflow, allowing to gain root privileges in all versions of ntpd (Network Time Protocol Daemon). Overflow occurs, when daemon builds response for malicious packet. >How-To-Repeat: Proof of concept code: http://www.frasunek.com/sources/security/ntpdx.c >Fix: Unknown. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message