From tsl@TRUSTIX.COM Mon Apr 9 23:39:26 2001 From: tsl@TRUSTIX.COM To: BUGTRAQ@SECURITYFOCUS.COM Date: Mon, 9 Apr 2001 15:56:57 +0200 Subject: [BUGTRAQ] Trustix Security Advisory #2001-0004 - xntpd -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2001-0004 Package name: Xntpd Severity: Possible remote exploit Date: 2001-04-06 Affected versions: TSL 1.01, 1.1, 1.2 - -------------------------------------------------------------------------- Problem description: A buffer overflow in the Xntp NTP daemon has been found. This bug can lead to a remote root exploit. Action: We recommend all systems which has this package installed to be upgraded. Location: All TSL updates are available from Users of the SWUP tool, can enjoy having the security updates automatically installed using 'swup --upgrade'. Get SWUP from: ftp://ftp.trustix.net/pub/Trustix/software/swup/ Questions? Check out our mailinglists: http://www.trustix.net/support/ Verification: This advisory is signed with the TSL sign key. It is available from: http://www.trustix.net/TSL-GPG-KEY Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE60Xe5wRTcg4BxxS0RAlZRAJ4sevmP6trfiPldbgyOn/cxEjyxlwCeLM3d qfU1d/OTWyb40XNarsI+Sas= =9+EH -----END PGP SIGNATURE----- -- Trustix Secure Linux Advisor Homepage: http://www.trustix.net/ Errata: http://www.trustix.net/errata/ Automatic updates: http://www.trustix.net/pub/Trustix/software/swup/