Date: Sat, 7 Apr 2001 18:30:21 -0700 (PDT) From: <lamont@scriptkiddie.org> To: Kal Torak <kaltorak@quake.com.au> Cc: FreeBSD-stable <freebsd-stable@freebsd.org> Subject: Re: ntpd root exploit - advisory? Message-ID: <Pine.LNX.4.30.0104071825170.9512-100000@coredump.scriptkiddie.org> In-Reply-To: <3ACEBDB0.DD6555C8@quake.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 7 Apr 2001, Kal Torak wrote: > Just wondering why there has been no security advisory on the > announce list about the ntpd root exploit and buffer overflow > allowing for syslog DoS attack... actually, its much worse than a syslog DoS attack. you can easily trash the machine using this exploit. its just difficult to remotely get a shell out of it (difficult does not == impossible, difficult merely means that nobody has made public a way to do it, and i haven't been able to figure one out...). not only that but the attack can be spoofed and is pretty much untraceable and can't be filtered (at least not perfectly). > I noticed that a few fixes have been committed to stable for > ntpd, but no advisory... Whats going on? Is it still not totally > fixed yet? its fixed in the latest 4.2-stable, i'd not waste any time upgrading. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.30.0104071825170.9512-100000>