[Full-disclosure] ntpd stack evasion 0day exploit
Graham Bignell
bignell at gmail.com
Wed Jan 11 15:01:52 GMT 2006
On 11/01/06, Siegfried <siegfri3d at gmail.com> wrote:
> omfg i hope it isn't marcos flavio who invented that shit again (100%
> old-modified exploit & fake site)
> or get a fucking brain man!
> http://downloads.securityfocus.com/vulnerabilities/exploits/ntpd-exp.c
Not only is this plagiarism of work from five years ago, it was patched
five years ago. Already disclosed, already remedied. No mayhem.
>From http://www.kb.cert.org/vuls/id/JSHA-4VJFMF
--- ntp_control.c.1 Thu Apr 5 21:41:56 2001
+++ ntp_control.c Thu Apr 5 21:43:02 2001
@@ -1824,6 +1824,8 @@
while (cp < reqend && *cp !=
',')
*tp++ = *cp++;
+ if (tp >= buf + sizeof(buf))
+ return (0);
if (cp < reqend)
cp++;
*tp = '\0';
\\//,
Lorax
Full-Disclosure is hosted and sponsored by Secunia.