Linux Today: Linux News On Internet Time.

Dan Anderson: xntp3 unofficial security fix for RedHat

Apr 08, 2001, 17:36 (11 Talkback[s])

Seen on LWN

Dan Anderson has provided unofficial patched RPM's for the xntp3 exploit several other distributions have announced fixes for over the past few days.

In short, a buffer overflow in ntpd's control request parsing allows any remote attacker to gain root access if the daemon is running. The exploit was reported by Przemyslaw Frasunek.

Dan patched RedHat's xntp3-5.93-14 with a recent patch posted at http://www.securityfocus.com/archive/1/174011

His RPMS are built with libc6, glibc-2.1 on RedHat 6.2.

fd2e8eca6e3456b2abbbf396ce0d6a49  xntp3-5.93-15.i386.rpm
eed53a793e294b79a90350f32e28cd12  xntp3-5.93-15.src.rpm