ntpd root exploit
Rafe Magnuson
rmagnuson at onebox.com
Thu Apr 12 08:04:06 PDT 2001
Thanks, Frank. :^)
--
Rafe Magnuson
rmagnuson at onebox.com - email
(707) 583-2064 x3064 - voicemail/fax
www.digital-avatar2.com/members/rmagnuson/
---- frankb at efball.com (E Frank Ball) wrote:
>
> At the meeting Dustin asked me to post this:
>
> Last friday a root exploit was found for ntp and xntpd. Debian,
> FreeBSD, RedHat, and Mandrake all have new packages out to fix it.
> HP-UX and Turbo do not. The patch used to fix FreeBSD and a couple
> of
> later patches to fix other stuff were posted to www.securityfocus.com.
> I don't have the exact url, you will have to do a search for "ntp"
> and
> rumage around to find them there. I stuck copies on my server if you
> want to trust me.
>
> http://zouave.sonic.net:8008/ntp/ntpd-patch1.diff
> http://zouave.sonic.net:8008/ntp/ntpd-patch2.diff
> http://zouave.sonic.net:8008/ntp/ntpd-patch3.diff
>
> I edited the file names (inside the patches) to make them easy to patch
> into the Turbo ntp source rpm:
>
> http://zouave.sonic.net:8008/ntp/ntp-4.0.98g-1.src.rpm
>
> The patches don't work with the RedHat source for 6.2 or 7.0, but the
> patched Turbo source works fine on RH (I did this Monday before the
> RedHat packages came out).
>
> Later a new, fixed, tar file was announced:
>
> http://zouave.sonic.net:8008/ntp/ntp-4.0.99k23.tar.gz
>
> E Frank Ball efball at efball.com
>
> P.S. M.E. If you are reading this send the URL of your web page to
> the
> list. - thanks
>
__________________________________________________
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com
More information about the talk
mailing list