----- Original Message Follows ----- > Hi full-disclosure! > > ntpd 1:4.2.0a-11 (as in debian testing/sarge and unstable/sid) > segfaults when accessing ntp servers on IPv6 hosts. I don't know > whether this bug is exploitable. But such a server on > pool.ntp.org might DoS many servers.
There are no IPv6 addresses in pool.ntp.org so there is no risk here. (dig AAAA pool.ntp.org) > > There is a fixed version available. > The latest ntp-dev tarball should have the fixes. Currently the number of ntp servers with IPv6 AAAA records is very low. > For more details see http://bugzilla.ntp.org/show_bug.cgi?id=353 > > Bernhard > Danny NTP Development _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
