Re: [SECURITY] [DSA 045-1] ntp remote root exploit fixed
On Thu, Apr 05, 2001 at 12:12:17PM -0500, JonesMB wrote:
> I guess we should expect a whole lot of attempts to connect to the ports
> used by NTP once the script kiddies figure this one out.
>
> I probably average about 20 connect attempts to ports 53 and 111 every day.
port 137 has also a good average.
>
> jmb
>
> >Package: ntp
> >Vulnerability: remote root exploit
> >Debian-specific: no
> >
> >Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp
> >daemons such as that released with Debian GNU/Linux are vulnerable to a
> >buffer overflow that can lead to a remote root exploit. This has been
> >corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato1.
> >
> >We recommend you upgrade your ntp package immediately.
> >
> >wget url
> > will fetch the file for you
> >dpkg -i file.deb
> > will install the referenced file.
>
> --------
> The Arthem Group
> - Your number one source for web site design and hosting services
> jonesmb@arthem.com
> http://www.arthem.com
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
>
--
Philippe BARNETCHE
AGISphere
14, Boulevard Vital Bouhot
92200 NEUILLY/SEINE
01 47 45 99 92
06 10 01 68 11
"He who sacrifices functionality for ease of use
loses both and deserves neither."
Reply to: