xntp is the network time protocol package widely used with many unix and linux systems for system time synchronization over a network. An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code. The exploit allows a remote attacker to execute arbitrary commands as root. All versions as shipped with SuSE Linux are affected by the buffer overflow problem.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 6.1 | alpha | xntp | < 4.0.92c-40 | xntp-4.0.92c-40.alpha.rpm |
openSUSE | 6.2 | i386 | xntp | < 4.0.93a-18 | xntp-4.0.93a-18.i386.rpm |
openSUSE | 7.1 | i386 | xntp | < 4.0.99f-34 | xntp-4.0.99f-34.i386.rpm |
openSUSE | 7.0 | i386 | xntp | < 4.0.99f-37 | xntp-4.0.99f-37.i386.rpm |
openSUSE | 6.4 | ppc | xntp | < 4.0.99f-21 | xntp-4.0.99f-21.ppc.rpm |
openSUSE | 6.3 | i386 | xntp | < 4.0.98d-1 | xntp-4.0.98d-1.i386.rpm |
openSUSE | 7.0 | alpha | xntp | < 4.0.99f-22 | xntp-4.0.99f-22.alpha.rpm |
openSUSE | 6.4 | alpha | xntp | < 4.0.99f-22 | xntp-4.0.99f-22.alpha.rpm |
openSUSE | 6.3 | alpha | xntp | < 4.0.98d-1 | xntp-4.0.98d-1.alpha.rpm |
openSUSE | 7.0 | ppc | xntp | < 4.0.99f-21 | xntp-4.0.99f-21.ppc.rpm |