Re: suid scotty (ntping) overflow (fwd)

["Larry W. Cashdollar" <lwc () Vapid dhs org>]

---------- Forwarded message ----------
Date: Fri, 15 Jun 2001 12:31:23 +0200
From: Juergen Schoenwaelder <schoenw () ibr cs tu-bs de>
To: lwc () vapid dhs org
Subject: Re: suid scotty (ntping) overflow (fwd)


> > > > > Larry W Cashdollar writes:

Larry> Sir, I am subscribed to the vuln-dev mailing list at
Larry> securityfocus, a member has found a buffer overflow in
Larry> ntping.c. I have dug deeper and written an exploit and made a
Larry> recommendation for a fix.  Please see below.

I have fixed this problem in scotty 2.1.11 which I just released a few
minutes ago.

/js

-- 
Juergen Schoenwaelder      Technical University Braunschweig
<schoenw () ibr cs tu-bs de>  Dept. Operating Systems & Computer Networks
Phone: +49 531 391 3289    Bueltenweg 74/75, 38106 Braunschweig, Germany
Fax:   +49 531 391 5936    <URL:http://www.ibr.cs.tu-bs.de/~schoenw/>