Dan Anderson: xntp3 unofficial security fix for RedHatApr 08, 2001, 17:36 (11 Talkback[s])
Seen on LWN
Dan Anderson has provided unofficial patched RPM's for the xntp3 exploit several other distributions have announced fixes for over the past few days.
In short, a buffer overflow in ntpd's control request parsing allows any remote attacker to gain root access if the daemon is running. The exploit was reported by Przemyslaw Frasunek.
Dan patched RedHat's xntp3-5.93-14 with a recent patch posted at http://www.securityfocus.com/archive/1/174011
His RPMS are built with libc6, glibc-2.1 on RedHat 6.2.
md5sums: fd2e8eca6e3456b2abbbf396ce0d6a49 xntp3-5.93-15.i386.rpm eed53a793e294b79a90350f32e28cd12 xntp3-5.93-15.src.rpm