University of Delaware Information for VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function

Status

Affected

Vendor Statement

The patch I sent out applies to the NTPv4 99k distribution which for
safety I fetched directly from its public place. For record:

--- ntp_control.c.1 Thu Apr  5 21:41:56 2001
+++ ntp_control.c Thu Apr  5 21:43:02 2001
@@ -1824,6 +1824,8 @@
while (cp < reqend && *cp !=
   ',')
*tp++ = *cp++;
+ if (tp >= buf + sizeof(buf))
+ return (0);
if (cp < reqend)
cp++;
*tp = '\0';
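Review bot: the added `if (tp >= buf + sizeof(buf))` test runs only after the copy loop has finished, because the `while` above it has no braces and its body is the single statement `*tp++ = *cp++;`. Nothing in the loop condition limits `tp`, so a long item with no comma before `reqend` is still written past the end of `buf` before the check returns 0. Put the bound inside the loop, for example by bracing the body so the two added lines execute after every `*tp++ = *cp++;`. With that placement `tp` never exceeds `buf + sizeof(buf) - 1` when the loop exits, and the later `*tp = '\0';` stays in bounds. A short comment noting that over-long items are rejected rather than truncated would also help the next reader.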

Not fancy; it's been a long day.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum


Target CVS repository:

http://maccarony.ntp.org/cgi-bin/cvsweb.cgi/ntp/ntpd/ntp_control.c?rev=1.33&content-type=text/x-cvsweb-markup

Target patched version:

ftp://ftp.udel.edu/pub/ntp/ntp4/ntp-4.0.99k23.tar.gz
