Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Slackware Information for VU#970472

Date Notified:
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

No direct statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Slackware has issued the following advisory regarding this problem:

http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2001&m=slackware-security.384116

An excerpt:

The version of xntp3 that shipped with Slackware 7.1 as well as the
version that was in Slackware -current contains a buffer overflow bug that
could lead to a root compromise.  Slackware 7.1 and Slackware -current
users are urged to upgrade to the new packages available for their
release.

The updated package available for Slackware 7.1 is a patched version of
xntp3.  The -current tree has been upgraded to ntp4, which also fixes the
problem.  If you want to continue using xntp3 on -current, you can use the
updated package from the Slackware 7.1 tree and it will work.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information