Debian Linux Information for VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function

Status

Affected

Vendor Statement

Debian has released an advisory on this issue: Debian Security Advisory 045-2:

Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp
daemons such as that released with Debian GNU/Linux are vulnerable to a
buffer overflow that can lead to a remote root exploit. A previous
advisory (DSA-045-1) partially addressed this issue, but introduced a
potential denial of service attack. This has been corrected for Debian
2.2 (potato) in ntp version 4.0.99g-2potato2.

We recommend you upgrade your ntp package immediately.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Debian Security Advisory 045-2 is available at:

http://www.debian.org/security/2001/dsa-045

If you have feedback, comments, or additional information about this vulnerability, please send us email.