The SCO Group (SCO Linux) Information for VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function

Status

Affected

Vendor Statement

We have now released updated packages:

   Caldera OpenLinux 2.3

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/

       19e51b89951b435061450398e764b753  RPMS/xntp-3.5.93e-5.i386.rpm
      08a990b5034679c0a37ebbe20e162d05  SRPMS/xntp-3.5.93e-5.src.rpm

   Caldera OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/

       df892fae73626a11107552d7d1a68e6e  RPMS/xntp-3.5.93e-5.i386.rpm
      663eb55d629cdcc0212583e92be15d11  SRPMS/xntp-3.5.93e-5.src.rpm

   Caldera OpenLinux eDesktop 2.4

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/

       fe7cffdf379ee9b69890f9fa9ff0f320  RPMS/xntp-4.0.97-2.i386.rpm
      ff34841b2f01a252e6e31cb91ffcada5  SRPMS/xntp-4.0.97-2.src.rpm

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Further details can be found in CSSA-2001-013 remote root exploit in ntpd available at:


http://www.caldera.com/support/security/advisories/CSSA-2001-013.0.txt

If you have feedback, comments, or additional information about this vulnerability, please send us email.