ntp: config command can be used to set the pidfile and drift file paths

It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process immediately or the current estimated drift of the...

ntp: config command can be used to set the pidfile and drift file paths

It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process immediately or the current estimated drift of the...

NTP Arbitrary File Overwrite Vulnerability

NTP Network Time Protocol is a network protocol that synchronizes the clocks of two computers by exchanging packets. A security vulnerability exists in NTP versions prior to 4.2.8p4 and 4.3.x prior to 4.3.77. Since the program allows unlimited pidfile and driftfile paths to be set using the :conf...

Multiple Arbitrary File Overwrite Vulnerabilities in NTP

Network Time Protocol is a protocol used to synchronize a computer's time to its server or clock source e.g., quartz clock, GPS, etc.. The NTP :config command can set the pidfile and driftfile paths without restriction, allowing remote attackers to exploit this vulnerability to overwrite files on...

Security fix for the ALT Linux 6 package eggdrop version 1.6.18-alt2

Sept. 20, 2007 Vladimir V Kamarzin 1.6.18-alt2 - Security fix: CVE-2007-2807: Stack-based buffer overflow in mod/server.mod/servrmsg.c - Recode README.ALT to utf8 and update it - Create pseudouser on %pre stage - Install config to /var/lib/eggdrop - Load module blowfish by default - Change defaul...