Debian: UPDATE: ntp denial of service

    Date10 Apr 2001
    CategoryDebian
    3477
    Posted ByLinuxSecurity Advisories
    Previous advisory introduced apotential denial of service attack.
    
    ----------------------------------------------------------------------------
    Debian Security Advisory DSA-045-2                       This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                                Michael Stone
    April 9, 2001
    ----------------------------------------------------------------------------
    
    Package: ntp
    Vulnerability: remote root exploit
    Debian-specific: no
    
    Przemyslaw Frasunek <This email address is being protected from spambots. You need JavaScript enabled to view it.> reported that ntp
    daemons such as that released with Debian GNU/Linux are vulnerable to a
    buffer overflow that can lead to a remote root exploit. A previous
    advisory (DSA-045-1) partially addressed this issue, but introduced a
    potential denial of service attack. This has been corrected for Debian
    2.2 (potato) in ntp version 4.0.99g-2potato2.
    
    We recommend you upgrade your ntp package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ------------------------------------
    
      Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
      architectures.
    
      Source archives:
         http://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g-2potato2.diff.gz
          MD5 checksum: 33eced8dfeecefed9ecd7a5425dce07f
         http://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g-2potato2.dsc
          MD5 checksum: b704b4528c96b6b22ff2809cd551c221
         http://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g.orig.tar.gz
          MD5 checksum: 6f3132fb4f6a3ee411554d09270f562a
    
      Architecture-independent files:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-all/ntp-doc_4.0.99g-2potato2_all.deb
          MD5 checksum: cfa7f1a427fb65dc85eca68f823c95d7
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-all/xntp3_4.0.99g-2potato2_all.deb
          MD5 checksum: 3216aeca42720cd2b00f19ef05dc4ff8
    
      Alpha architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/ntp_4.0.99g-2potato2_alpha.deb
          MD5 checksum: 09b2b4720a150be0421d3126de807b21
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/ntpdate_4.0.99g-2potato2_alpha.deb
          MD5 checksum: 31d07aa810aa1b6b3a146e75ddb1fc6a
    
      ARM architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/ntp_4.0.99g-2potato2_arm.deb
          MD5 checksum: a099db2427b225e880da87c560bfb5b3
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/ntpdate_4.0.99g-2potato2_arm.deb
          MD5 checksum: fb8f5f35fc3b9f3db0d17c7fb302c6dd
    
      Intel ia32 architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/ntp_4.0.99g-2potato2_i386.deb
          MD5 checksum: 2a01903f179ccc41a87a8c9495f06747
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/ntpdate_4.0.99g-2potato2_i386.deb
          MD5 checksum: 915a79c8724151e0adf430ca57ad9844
    
      Motorola 680x0 architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/ntp_4.0.99g-2potato2_m68k.deb
          MD5 checksum: dc3826e35dafd4163062f149a63f2bbe
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/ntpdate_4.0.99g-2potato2_m68k.deb
          MD5 checksum: 6666baa200509e76e0c32dd0166bcb79
    
      PowerPC architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/ntp_4.0.99g-2potato2_powerpc.deb
          MD5 checksum: 8387ad0831907e26566b2d329425d0e1
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/ntpdate_4.0.99g-2potato2_powerpc.deb
          MD5 checksum: 5d90bf20314abc66efe7fea2ecb521d7
    
      Sun Sparc architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/ntp_4.0.99g-2potato2_sparc.deb
          MD5 checksum: b014f4a20d4a0c2ec5e788fafc7dd3cd
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/ntpdate_4.0.99g-2potato2_sparc.deb
          MD5 checksum: abe31f82a9b202b8880b51b97327cc3b
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    ----------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.