[This is from my ISP. The full CERT advisory is available at http://www.kb.cert.org/vuls/id/970472]

All Linux, FreeBSD, NetBSD, and any other users who administer Unix machines at their home or in their workplace please take note:

The xntpd and ntpd daemons, which are used for synchronizing time between multiple machines over a network, have a security vulnerability that allows remote attackers to gain root access.

If you are using NTP on your Linux, FreeBSD, NetBSD, or any other Unix-ish operating system which you keep connected to the Internet on a regular basis, you should shut down the NTP daemon now and examine your machine for evidence of a remote attack. We have already received one report from a Panix customer who was probed Thursday night/Friday morning.

Users with commercial vendor versions of Unix (i.e. Solaris, AIX, HP-UX, etc.) should contact their vendor for more information to find out if they are affected (I suspect they are, though it will take a while before someone puts together an exploit). In the meantime, you should stop running xntpd/ntpd until your vendor addresses the problem.

Windows and Mac (except MacOS X) users can safely ignore this message.

-- Ed

PS: We've received reports of Panix customers with Linux machines being hacked at the rate of 1-2 per week for the past couple of weeks - if you have ANY Linux or *BSD system that you have not updated with security fixes since January 1, or if you installed ANY Linux or *BSD system directly from the CD and have not updated it (like RedHat 6.2 or 7.0), that system is probably vulnerable to remote exploits.
