FYI: ntpd, CVE-2009-1252, remote code execution with enabled
Autokey authentication
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Thu May 21 15:27:15 UTC 2009
For those who are running Autokey with stock NTPD:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
http://www.freebsd.org/cgi/query-pr.cgi?pr=134787
For users of net/ntp:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134755
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134756
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
More information about the freebsd-security
mailing list