Security Information / 2001 / Security Information -- DSA-045-2 ntpd

Debian Security Advisory

DSA-045-2 ntpd -- remote root exploit

Date Reported:

09 Apr 2001

Affected Packages:

ntpd

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 2450.
In Mitre's CVE dictionary: CVE-2001-0414.

More information:

Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit. A previous advisory (DSA-045-1) partially addressed this issue, but introduced a potential denial of service attack. This has been corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato2.

Fixed in:

Debian 2.2 (potato)

Source:

http://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g-2potato2.diff.gz

http://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g-2potato2.dsc

http://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g.orig.tar.gz

Architecture-independent component:

http://security.debian.org/debian-security/dists/stable/updates/main/binary-all/ntp-doc_4.0.99g-2potato2_all.deb

http://security.debian.org/debian-security/dists/stable/updates/main/binary-all/xntp3_4.0.99g-2potato2_all.deb

alpha:

http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/ntp_4.0.99g-2potato2_alpha.deb

http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/ntpdate_4.0.99g-2potato2_alpha.deb

arm:

http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/ntp_4.0.99g-2potato2_arm.deb

http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/ntpdate_4.0.99g-2potato2_arm.deb

i386:

http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/ntp_4.0.99g-2potato2_i386.deb

http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/ntpdate_4.0.99g-2potato2_i386.deb

m68k:

http://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/ntp_4.0.99g-2potato2_m68k.deb

http://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/ntpdate_4.0.99g-2potato2_m68k.deb

powerpc:

http://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/ntp_4.0.99g-2potato2_powerpc.deb

http://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/ntpdate_4.0.99g-2potato2_powerpc.deb

sparc:

http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/ntp_4.0.99g-2potato2_sparc.deb

http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/ntpdate_4.0.99g-2potato2_sparc.deb