FreeBSD, Inc. Information for VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function

Status

Affected

Vendor Statement

FreeBSD has released FreeBSD-SA-01:31 at:

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3a31.ntpd.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum


The FreeBSD ports collection does contain a vulnerable version of ntpd.

A patch has been made available at:

http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ntp/ntpd/ntp_control.c?r1+=1.1&r2=1.2

This was in response to Problem Report 26358:

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=26358
