EnGarde Secure Linux Security Advisory: xntp i386 packages availableApr 26, 2001, 18:00 (0 Talkback[s])
From: email@example.com Subject: [ESA-20010409-02] xntp i386 packages available Date: 26 Apr 2001 12:48:08 -0400
(This advisory is being re-issued to denote the release of our updated packages for the i386 architecture.)
EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, complete e-commerce using AllCommerce, and integrated open source security tools.
There is a very small buffer overflow in NTP daemon which shipped with EnGarde Secure Linux version 1.0.1.
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The xntp3 package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers.
By attacking a very small buffer with a very small set of shellcode, an attacker can potentially gain root access. It has been reported that in some cases the only effect is the segfault of the ntpd.
All users running 'xntp3' should upgrade to the most recent version, as outlined in this advisory. All updates can be found at:
To install the updated package, execute the command:
rpm -Uvh <filename>
To verify the signature of the updated packages, execute the command:
rpm -Kv <filename>
i386 Binary Packages:
i686 Binary Packages:
Guardian Digital's public key:
Credit for the discovery of this bug goes to: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
The Official Web Site:
SecurityFocus Bug ID:
Initial Announcement on BugTraq:
$Id: 2001.04.09-xntp3,v 1.2 2001/04/26 15:18:52 rwm Exp $
Author: Ryan W. Maple, <firstname.lastname@example.org> Copyright 2001, Guardian Digital, Inc.
To unsubscribe email email@example.com with "unsubscribe" in the subject of the message. Copyright(c) 2001 Guardian Digital, Inc. EnGardeLinux.org