Message-ID: <7cc4cba80601110701m3b8f9617j@mail.gmail.com>
Date: Wed Jan 11 15:02:03 2006
From: bignell at gmail.com (Graham Bignell)
Subject: ntpd stack evasion 0day exploit

On 11/01/06, Siegfried <siegfri3d@...il.com> wrote:
> omfg i hope it isn't marcos flavio who invented that shit again (100%
> old-modified exploit & fake site)
> or get a fucking brain man!
> http://downloads.securityfocus.com/vulnerabilities/exploits/ntpd-exp.c

Not only is this plagiarism of work from five years ago, it was patched
five years ago.  Already disclosed, already remedied.  No mayhem.

From http://www.kb.cert.org/vuls/id/JSHA-4VJFMF

--- ntp_control.c.1 Thu Apr  5 21:41:56 2001
+++ ntp_control.c Thu Apr  5 21:43:02 2001
@@ -1824,6 +1824,8 @@
while (cp < reqend && *cp !=
   ',')
*tp++ = *cp++;
+ if (tp >= buf + sizeof(buf))
+ return (0);
if (cp < reqend)
cp++;
*tp = '\0';
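
Review bot: The added check `if (tp >= buf + sizeof(buf))` follows a `while` that has no braces in this hunk, so as written it is not part of the loop body: only `*tp++ = *cp++;` repeats, and the check runs once after the copy has finished, by which point `tp` may already have been written past the end of `buf`. Either brace the loop so the check runs on every iteration, or move the bound into the loop condition, for example `while (cp < reqend && *cp != ',' && tp < buf + sizeof(buf) - 1)`, which also guarantees the trailing `*tp = '\0';` lands inside the buffer. A short comment stating the size of `buf` and why the function returns 0 on an oversized token would help the next reader.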


\\//,
Lorax
