From owner-freebsd-bugs  Wed Apr  4 13:40: 7 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 22F3D37B720
	for <freebsd-bugs@hub.freebsd.org>; Wed,  4 Apr 2001 13:40:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f34Ke1w51352;
	Wed, 4 Apr 2001 13:40:01 -0700 (PDT)
	(envelope-from gnats)
Received: from yeti.ismedia.pl (yeti.ismedia.pl [212.182.96.18])
	by hub.freebsd.org (Postfix) with SMTP id B568737B71A
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  4 Apr 2001 13:34:50 -0700 (PDT)
	(envelope-from venglin@freebsd.lublin.pl)
Received: (qmail 25571 invoked from network); 4 Apr 2001 20:34:42 -0000
Received: from unknown (HELO lagoon.freebsd.lublin.pl) (212.182.115.11)
  by 0 with SMTP; 4 Apr 2001 20:34:42 -0000
Received: (qmail 6904 invoked from network); 4 Apr 2001 20:34:35 -0000
Received: from unknown (HELO riget.scene.pl) ()
  by 0 with SMTP; 4 Apr 2001 20:34:35 -0000
Received: (qmail 6900 invoked by uid 1001); 4 Apr 2001 20:34:35 -0000
Message-Id: <20010404203435.6899.qmail@riget.scene.pl>
Date: 4 Apr 2001 20:34:35 -0000
From: venglin@freebsd.lublin.pl
Reply-To: venglin@freebsd.lublin.pl
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/26358: [SECURITY] ntpd(8) is vulnerable to remote buffer overflow
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         26358
>Category:       bin
>Synopsis:       [SECURITY] ntpd(8) is vulnerable to remote buffer overflow
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 04 13:40:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Przemyslaw Frasunek
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
czuby.net
>Environment:

	ntpd shipped with FreeBSD 4.2-STABLE.

>Description:

	There is a remote exploitable buffer overflow, allowing to gain root
	privileges in all versions of ntpd (Network Time Protocol Daemon).
	Overflow occurs, when daemon builds response for malicious packet.

>How-To-Repeat:

	Proof of concept code: http://www.frasunek.com/sources/security/ntpdx.c

>Fix:

	Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message