ntpd root exploit

E Frank Ball frankb at efball.com
Wed Apr 11 19:57:59 PDT 2001


At the meeting Dustin asked me to post this:  

Last friday a root exploit was found for ntp and xntpd.  Debian,
FreeBSD, RedHat, and Mandrake all have new packages out to fix it.
HP-UX and Turbo do not.  The patch used to fix FreeBSD and a couple of
later patches to fix other stuff were posted to www.securityfocus.com.
I don't have the exact url, you will have to do a search for "ntp" and
rumage around to find them there.  I stuck copies on my server if you
want to trust me.

http://zouave.sonic.net:8008/ntp/ntpd-patch1.diff
http://zouave.sonic.net:8008/ntp/ntpd-patch2.diff
http://zouave.sonic.net:8008/ntp/ntpd-patch3.diff

I edited the file names (inside the patches) to make them easy to patch
into the Turbo ntp source rpm:

http://zouave.sonic.net:8008/ntp/ntp-4.0.98g-1.src.rpm

The patches don't work with the RedHat source for 6.2 or 7.0, but the
patched Turbo source works fine on RH (I did this Monday before the
RedHat packages came out).

Later a new, fixed, tar file was announced:

http://zouave.sonic.net:8008/ntp/ntp-4.0.99k23.tar.gz

   E Frank Ball                efball at efball.com

P.S.  M.E.  If you are reading this send the URL of your web page to the
list.  - thanks



More information about the talk mailing list