[Bug 291265] Re: Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid

Debdiff for Intrepid SRU nagios-plugins (1.4.11-2ubuntu2.1) intrepid-proposed; urgency=low * Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer segfaults (LP: #291265) ** Attachment added: nagios-plugins_1.4.11-2ubuntu2.1.debdiff

[Bug 291265] Re: Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid

Fix is in SVN r2086: http://nagiosplug.svn.sourceforge.net/viewvc/nagiosplug?view=revrevision=2086 ** Changed in: nagios-plugins (Ubuntu) Assignee: (unassigned) = Thierry Carrez (tcarrez) Status: Confirmed = In Progress -- Buffer overflow in check_ntp_peer - Nagios can't check time

[Bug 291265] Re: Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid

Debdiff to fix this in the current development release nagios-plugins (1.4.12-4ubuntu2) jaunty; urgency=low * Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer segfaults (LP: #291265) ** Attachment added: nagios-plugins_1.4.12-4ubuntu2.debdiff

[Bug 291265] Re: Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid

This bug was fixed in the package nagios-plugins - 1.4.12-4ubuntu2 --- nagios-plugins (1.4.12-4ubuntu2) jaunty; urgency=low * Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer segfaults (LP: #291265) -- Thierry Carrez [EMAIL PROTECTED] Wed, 19 Nov

[Bug 291265] Re: Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid

Thank you for the job, mantainers and developers! -- Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid https://bugs.launchpad.net/bugs/291265 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in

[Bug 291265] Re: Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid

Confirmed, something gets caught by the stack smashing police. Regression in intrepid, as it was working well in hardy. ** Changed in: nagios-plugins (Ubuntu) Importance: Undecided = High Status: New = Confirmed -- Buffer overflow in check_ntp_peer - Nagios can't check time servers in

[Bug 291265] Re: Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid

It fails on line 264 on if(read(conn, req, SIZEOF_NTPCM(req)) == -1) Upstream bug is: http://sourceforge.net/tracker/?func=detailatid=397597aid=1999319group_id=29880 It's closed by saying the bug is in _FORTIFY_SOURCE, as the author checked that the read call should not exceed allocated value.

[Bug 291265] Re: Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid

I looked at this a bit, and the math seems to be wrong in this line: #define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((m.count)?4-(ntohs(m.count)%4):0)) In ntp_request we have (where MAX_CM_SIZE is defined as 468): req.count=htons(MAX_CM_SIZE); Which makes req.count = 54273. Later, we have: