-----BEGIN PGP SIGNED MESSAGE-----
Good day, all --
Messages to Bugtraq since the published exploit have led me to
conclude that it is likely, though not yet proven, that xntpd is
vulnerable. The published proof-of-concept code, however, doesn't
seem to have succeeded against xntpd for anyone who's tried it. This
means you shouldn't assume that Red Hat =< 6.2 will be safe.
It has also been suggested that adding these lines to ntp.conf would
prevent a remote exploit, though not one by a local user:
restrict default ignore
restrict time.server.address nomodify
I no longer use ntpd, and so have not tested this.
I am not an authority on this subject; I am only passing along what
I've read. For more information, search for "ntpd =< 4.0.99k remote
buffer overflow" in the Bugtraq archives at
http://www.securityfocus.com.
- -d
- --
David Talkington
Prairienet
[EMAIL PROTECTED]
217-244-1962
PGP key: http://www.prairienet.org/~dtalk/dt000823.asc
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6
iQEVAwUBOs4wsL1ZYOtSwT+tAQEVOggAkMF4ufe0NA2EZbxCF2KacLt8l72r8jN2
9u9/+cXDWQ+IsiF9URqU6KQDdh/ko1N/3uP/V4q4lk8j+nctuIXTH3tFlEXdsnn1
Ln7rVA08p7QSxX6zYjPmOvzlKMyI6gREhLUs+dvPcHeweh0G0Jr58qcBcTRwzWQk
zzR8W7QGFfMtXemEMOIJrjP0CcbNRhHJZMarx1sj5eYGiWJyP/07PP89z4if4MqV
kZIiEHSBnokdloFmk0RpdHt26J7BVhvtEloE+UB01K+vcOPgt0Wz/PwG7r9Bwqcv
CrlkNWMbqdFoeYUBb4vYA0Usv63+nCGnuhBkReAFBzNYmtTb5W2PzQ==
=Q6Yl
-----END PGP SIGNATURE-----
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
