Date: Thu, 05 Apr 2001 02:19:41 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Scott Johnson <sjohn@airlinksys.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Fwd: ntpd =< 4.0.99k remote buffer overflow Message-ID: <52981.986429981@critter> In-Reply-To: Your message of "Wed, 04 Apr 2001 19:16:26 CDT." <20010404191626.A6071@ns2.airlinksys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010404191626.A6071@ns2.airlinksys.com>, Scott Johnson writes:
>Quoth Poul-Henning Kamp on Thu, Apr 05, 2001 at 01:55:57AM +0200:
>>
>> This has already been fixed in FreeBSD current & stable an hour
>> ago or so.
>>
>> Poul-Henning
>
>Is a patch coming for 4.2-RELEASE? Will we just have to install the port
>over our system binaries, like we did with bind? In that case, it appears
>that just setting PREFIX=/usr won't do to overwrite the system version,
>since the port puts its binaries in ${PREFIX}/bin.
The patch should apply to pretty much any version of (x)ntpd so please
help yourself while I get some sleep.
The patch is here:
http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ntp/ntpd/ntp_control.c.diff?r1=1.1&r2=1.2
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52981.986429981>