Re: [SECURITY] [DSA 045-1] ntp remote root exploit fixed
On Thu, Apr 05, 2001 at 12:12:17PM -0500, JonesMB wrote:
> I guess we should expect a whole lot of attempts to connect to the ports
> used by NTP once the script kiddies figure this one out.
> I probably average about 20 connect attempts to ports 53 and 111 every day.
port 137 has also a good average.
> >Package: ntp
> >Vulnerability: remote root exploit
> >Debian-specific: no
> >Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp
> >daemons such as that released with Debian GNU/Linux are vulnerable to a
> >buffer overflow that can lead to a remote root exploit. This has been
> >corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato1.
> >We recommend you upgrade your ntp package immediately.
> >wget url
> > will fetch the file for you
> >dpkg -i file.deb
> > will install the referenced file.
> The Arthem Group
> - Your number one source for web site design and hosting services
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
14, Boulevard Vital Bouhot
01 47 45 99 92
06 10 01 68 11
"He who sacrifices functionality for ease of use
loses both and deserves neither."