CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Slackware Information for VU#970472

Date Notified
Date Modified05/22/2008 12:42:44 PM
Status SummaryVulnerable

Vendor Statement

No direct statement is currently available from the vendor regarding this vulnerability.

Addendum

Slackware has issued the following advisory regarding this problem:

http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2001&m=slackware-security.384116

An excerpt:

The version of xntp3 that shipped with Slackware 7.1 as well as the
version that was in Slackware -current contains a buffer overflow bug that
could lead to a root compromise.  Slackware 7.1 and Slackware -current
users are urged to upgrade to the new packages available for their
release.

The updated package available for Slackware 7.1 is a patched version of
xntp3.  The -current tree has been upgraded to ntp4, which also fixes the
problem.  If you want to continue using xntp3 on -current, you can use the
updated package from the Slackware 7.1 tree and it will work.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2012 Carnegie Mellon University