FreeBSD, Inc. Information for VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function



Vendor Statement

FreeBSD has released FreeBSD-SA-01:31 at:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The FreeBSD ports collection does contain a vulnerable version of ntpd.

A patch has been made available at:

This was in response to Problem Report 26358:

If you have feedback, comments, or additional information about this vulnerability, please send us email.