Immunix OS Security update for ntp and xntp3

From: Greg KH (greg@WIREX.COM)
Date: Fri Apr 06 2001 - 20:34:34 CEST

  • Next message: bugzilla@REDHAT.COM: "[RHSA-2001:045-05] Network Time Daemon (ntpd) has potential remote root exploit"

    -----------------------------------------------------------------------
            Immunix OS Security Advisory

    Packages updated: ntp and xntp3
    Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
    Bugs Fixed: immunix/1539
    Date: April 6, 2001
    Advisory ID: IMNX-2001-70-013-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:

      Przemyslaw Frasunek has found a buffer overflow in the ntpd package
      (see http://www.securityfocus.com/archive/1/174011 for more details).
      The StackGuard protection in Immunix is effective at stopping this
      attack. If the published exploit is run against the Immunix version,
      it will cause ntpd to exit with a StackGuard detection message but no
      penetration vulnerability is possible. WireX is releasing updated
      packages to prevent the residual DoS attack.

    Package names and locations:

      Precompiled binary package for Immunix 6.2 is available at:
        http://immunix.org/ImmunixOS/6.2/updates/RPMS/xntp3-5.93-14_StackGuard_2.i386.rpm

      Source package for Immunix 6.2 is available at:
        http://immunix.org/ImmunixOS/6.2/updates/SRPMS/xntp3-5.93-14_StackGuard_2.src.rpm

      Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
        http://immunix.org/ImmunixOS/7.0/updates/RPMS/ntp-4.0.99j-7_imnx_2.i386.rpm

      Source package for Immunix 7.0-beta and 7.0 is available at:
        http://immunix.org/ImmunixOS/7.0/updates/SRPMS/ntp-4.0.99j-7_imnx_2.src.rpm

    md5sums of the packages:
      4a87c36da4418926d95c5a19cd913f48 xntp3-5.93-14_StackGuard_2.i386.rpm
      ca27c920f4d35c04af607f99d5186ecc xntp3-5.93-14_StackGuard_2.src.rpm

      f252ef724b86c00669967b402b22c982 ntp-4.0.99j-7_imnx_2.i386.rpm
      b54bbe7aa77a16a0422d97cdc7cdb504 ntp-4.0.99j-7_imnx_2.src.rpm

    Online version of all Immunix 6.2 updates and advisories:
      http://immunix.org/ImmunixOS/6.2/updates/

    Online version of all Immunix 7.0-beta updates and advisories:
      http://immunix.org/ImmunixOS/7.0-beta/updates/

    Online version of all Immunix 7.0 updates and advisories:
      http://immunix.org/ImmunixOS/7.0/updates/

    NOTE:
      Ibiblio is graciously mirroring our updates, so if the links above are
      slow, please try:
        ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
      or one of the many mirrors available at:
        http://www.ibiblio.org/pub/Linux/MIRRORS.html





    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 21:18:24 CEST