lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Jan 11 15:02:03 2006 From: bignell at gmail.com (Graham Bignell) Subject: ntpd stack evasion 0day exploit On 11/01/06, Siegfried <siegfri3d@...il.com> wrote: > omfg i hope it isn't marcos flavio who invented that shit again (100% > old-modified exploit & fake site) > or get a fucking brain man! > http://downloads.securityfocus.com/vulnerabilities/exploits/ntpd-exp.c Not only is this plagiarism of work from five years ago, it was patched five years ago. Already disclosed, already remedied. No mayhem. >From http://www.kb.cert.org/vuls/id/JSHA-4VJFMF --- ntp_control.c.1 Thu Apr 5 21:41:56 2001 +++ ntp_control.c Thu Apr 5 21:43:02 2001 @@ -1824,6 +1824,8 @@ while (cp < reqend && *cp != ',') *tp++ = *cp++; + if (tp >= buf + sizeof(buf)) + return (0); if (cp < reqend) cp++; *tp = '\0'; \\//, Lorax
Powered by blists - more mailing lists