Berkeley Software Design, Inc. Information for VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function



Vendor Statement

The version of ntp shipped with BSD/OS is vulnerable to this problem

so sites which have configured ntpd should update to the patched version
available from BSDI's web, ftp or patches servers.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.