[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[stalk:00303] Re: ntpd =< 4.0.99k remote buffer overflow
- To: security-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: [stalk:00303] Re: ntpd =< 4.0.99k remote buffer overflow
- From: Seiichi Nakashima <nakasei@xxxxxxxxxxxx>
- Date: Fri, 13 Apr 2001 17:18:49 +0900
中島です。
また、変更のようです。
>William Colburn wrote:
>
>> The package is newer as of today.
>
>True enough, but I have the impression that there are more changes there
>than just the area of code that's affected by the buffer overflow that
>triggered the start of this thread. Can anyone confirm this?
>
>I've looked and I *believe* the only difference relevant to this
>discussion between today's ntp-4.0.99k23 and last Friday's is the
>appended patch. If anyone believes there are more relevant differences
>could you please point them out?
>
>--
>----------------------------------------------------------------------
>Sylvain Robitaille syl@xxxxxxxxxxxxxxxxxx
>
>Systems analyst Concordia University
>Instructional & Information Technology Montreal, Quebec, Canada
>----------------------------------------------------------------------
>
>--- ntpd/ntp_control.c.20010412 Mon Apr 9 15:47:20 2001
>+++ ntpd/ntp_control.c Thu Apr 12 17:11:47 2001
>@@ -1759,9 +1759,11 @@
> }
> if (cp < reqend)
> cp++;
>- *tp = '\0';
>- while (isspace(*(tp-1)))
>- *(--tp) = '\0';
>+ while (tp > buf) {
>+ *tp-- = '\0';
>+ if (!isspace((int)(*tp)))
>+ break;
>+ }
> reqpt = cp;
> *data = buf;
> return v;
>
------------------------------
Name : Seiichi Nakashima
E-Mail : nakasei@xxxxxxxxxxxx
------------------------------
--
- このメイリングリストに関する質問・問い合せ等は
- <security-talk@xxxxxxxxxx>までお知らせください
--
------------------------------------------------------------------------
◆ダイエットの味方カプサイシン、何のことだか説明できる?
http://www.infoseek.co.jp/GHome?pg=gn_top.html&svx=971122