[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:00296] Re: ntpd =< 4.0.99k remote buffer overflow

To: security-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [stalk:00296] Re: ntpd =< 4.0.99k remote buffer overflow
From: Seiichi Nakashima <nakasei@xxxxxxxxxxxx>
Date: Thu, 12 Apr 2001 21:10:16 +0900

(B
(B
$BCfEg$G$9!#(B
(B
(BBugtraq $B$N(B ML $B$+$iH4?h$7$F$$$^$9!#(B
(B
(BNTP$B$NLdBj$O$h$jBg$-$JLdBj$K$J$k2DG=@-$,$"$k$h$&$G$9!#(B
(B
(B
(BIn message "Re: ntp-4.99k23.tar.gz is available",
(BFyodor wrote...
(B
(B >> > Has anyone tested the exploit against embedded ntp implementations
(B >> > such as in Cisco router, for example, to see if the daemon would
(B >> > misbehave, etc.?
(B >>
(B >> I couldn't do anything to the NTP implementation of a Cisco router
(B >> here with the stock "ntpdx" exploit as it was posted.  (It doesn't
(B >> crash, it doesn't exhibit same heap corruption as xntpd v3.)
(B >>
(B >
(B >Cisco IOS (at least 11.x series) _IS_ vulnerable (tested, confirmed). Earlier
(B >versions are presumably vulnerable too. Haven't tested IOS 12.x but it may have
(B >the same bug inherited as well (unless cisco folks found the problem and fixed
(B >it silently).
(B
(B
(B----
(BSeiichi Nakashima  nakasei@xxxxxxxxxxxx
(B--
(B- $B$3$N%a%$%j%s%0%j%9%H$K4X$9$khttp://www.infoseek.co.jp/GHome?pg=gn_top.html&svx=971122

Follow-Ups:
- [stalk:00297] Re: ntpd =< 4.0.99k remote buffer overflow
  - From: KOJIMA Hajime / $B>.EgH%(B

References:
- [stalk:00294] Re: ntpd =< 4.0.99k remote buffer overflow
  - From: KuniG

Prev by Date: [stalk:00295] Re: NHK $B$G(B HUC$B$NJsF;!dO?(B$B2h(B
Next by Date: [stalk:00297] Re: ntpd =< 4.0.99k remote buffer overflow
Previous by thread: [stalk:00294] Re: ntpd =< 4.0.99k remote buffer overflow
Next by thread: [stalk:00297] Re: ntpd =< 4.0.99k remote buffer overflow
Index(es):
- Date
- Thread