On Thu, Jun 21, 2001 at 10:55:48AM -0400, Larry W. Cashdollar wrote: > > This has circulated on vuln-dev not sure if it made it here yet. Vendor > has been notified and released a fixed version 2.1.11. > > My exploit: > http://vapid.dhs.org/ntping_exp.c > > There is a much better exploit out there, but I am not sure if I have > permission to distribute it. So I will leave that to the author. Curious that they didn't respond when I told them about this last August. The port has been disabled in FreeBSD since then, but I kept on forgetting about it which is why we never followed up with an advisory. Kris
This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 11:51:01 PDT