Progeny Security Advisory: ntpd remote buffer overflow | Linux Today

Written by Web Webster, Apr 10, 2001

Date:         Mon, 9 Apr 2001 06:31:27 -0500
From: Progeny Security Team <security@PROGENY.COM>
Subject:      PROGENY-SA-2001-02: ntpd remote buffer overflow

 ---------------------------------------------------------------------------
 PROGENY LINUX SYSTEMS -- SECURITY ADVISORY               PROGENY-SA-2001-02
 ---------------------------------------------------------------------------

    Topic:          ntpd remote buffer overflow

    Category:       net
    Module:         ntp
    Announced:      2001-04-09
    Credits:        Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
                    BUGTRAQ <BUGTRAQ@securityfocus.com>
                    Poul-Henning Kamp <phk@freebsd.org>
    Affects:        Progeny Debian (ntp prior to 4.0.99g-2.0progeny3)
                    Debian GNU/Linux (ntp prior to 4.0.99g-2potato1)
    Vendor-Status:  New Version Released (ntp_4.0.99g-2.0progeny3)
    Corrected:      2001-04-09
    Progeny Only:   NO

    $Id: PROGENY-SA-2001-02,v 1.6 2001/04/09 08:39:58 csg Exp $

 ---------------------------------------------------------------------------


SYNOPSIS

Versions of the Network Time Protocol Daemon (ntpd) previous to and
including 4.0.99k have a remote buffer overflow which may lead to a
remote root exploit.


PROBLEM DESCRIPTION

The Network Time Protocol Daemon is vulnerable to a remote buffer
overflow attack which could potentially be exploited to gain remote root
access.

The buffer overflow occurs when building a response to a query with a
large readvar argument.  The shellcode executed must be less than 70
bytes, otherwise the destination buffer is damaged.  This makes the
vulnerability difficult but not impossible to exploit.

Furthermore, it should be noted that it is easy to spoof the source
address of potential malicious queries to an ntp server.


IMPACT

Remote users could adapt available exploits to gain root privileges.


SOLUTION

Upgrade to a fixed version of ntpd.  You may use Progeny's ntp package,
version 4.0.99g-2.0progeny3, for convenience.


WORKAROUND

No known workaround exists for this vulnerability.


UPDATING VIA APT-GET

 1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's
    security update repository:

        deb http://archive.progeny.com/progeny updates/newton/

 2. Update your cache of available packages for apt(8).

    Example:

        # apt-get update

 3. Using apt(8), install the new ntp package.  apt(8) will download
    the update, verify its integrity with md5, and then install the
    package on your system with dpkg(8).

    Example:

        # apt-get install ntp

 4. Since this update installs a new version of the ntp daemon, the
    security fixes cannot take effect until you restart ntpd.  It is
    advisable to restart ntpd as soon as possible.

    Example:

        # /etc/init.d/ntp restart


UPDATING VIA DPKG

 1. Use your preferred FTP/HTTP client to retrieve the following
    updated files from Progeny's update archive at:

    http://archive.progeny.com/pub/progeny/updates/newton/

    Filename                             MD5 Checksum
    ------------------------------------ --------------------------------
    ntp_4.0.99g-2.0progeny3_i386.deb     edac3588fc782c6729b90719e7f41c5b

    Example:

        # wget http://archive.progeny.com/pub/progeny/updates/newton/ntp_4.0.99g-2.0progeny3_i386.deb

 2. Use the md5sum command on the retrieved file to verify that it matches
    the md5sum provided in this advisory:

    Example:

        # md5sum ntp_4.0.99g-2.0progeny3_i386.deb

 3. Then install the replacement package(s) using the dpkg command.

    Example:

        # dpkg --install ntp_4.0.99g-2.0progeny3_i386.deb

 4. Since this update installs a new version of the ntp daemon, the
    security fixes cannot take effect until you restart ntpd.  It is
    advisable to restart ntpd as soon as possible.

    Example:

        # /etc/init.d/ntp restart


MORE INFORMATION

While (reportedly) all upstream versions of ntp previous to and
including 4.0.99k are vulnerable, the Progeny Debian
4.0.99g-2.0progeny3 and Debian GNU/Linux 4.0.99g-2potato1 packages
have been patched to fix this problem.

 ---------------------------------------------------------------------------

pub  1024D/F92D4D1F 2001-04-04 Progeny Security Team <security@progeny.com>