Berkeley Software Design, Inc. Information for VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function

Status

Affected

Vendor Statement

The version of ntp shipped with BSD/OS is vulnerable to this problem

so sites which have configured ntpd should update to the patched version
available from BSDI's web, ftp or patches servers.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.