r29 - 28 Jul 2008 - 01:14:34 - SteveKosteckeYou are here: NTP >  Main Web > SoftwareDownloads

Software Downloads

Current versions of NTP

Release Version Date Download ChangeLog
Stable 4.2.4p7 2009/05/18 ftp/md5 http/md5 ftp http
Release Candidate 4.2.5p241-RC 2009/11/07 ftp/md5 http/md5 ftp http

Feed for: Current versions of NTP

Information and other download links

Stable Release NEWS

NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)

Focus: Security and Bug Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

  • [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
See http://support.ntp.org/security for more information.

If autokey is enabled (if ntp.conf contains a "crypto pw whatever" line) then a carefully crafted packet sent to the machine will cause a buffer overflow and possible execution of injected code, running with the privileges of the ntpd process (often root).

Credit for finding this vulnerability goes to Chris Ries of CMU.

This release fixes the following low-severity vulnerabilities:

  • [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159 Credit for finding this vulnerability goes to Geoff Keating of Apple.

  • [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows Credit for finding this issue goes to Dave Hart.

This release fixes a number of bugs and adds some improvements:

  • Improved logging
  • Fix many compiler warnings
  • Many fixes and improvements for Windows
  • Adds support for AIX 6.1
  • Resolves some issues under MacOS X and Solaris

ALERT! This is a strongly recommended upgrade.

more Complete NEWS file
more Complete Change Log

About the NTP Source Releases and Patches

The NTP (R&D) Project only produces source code releases of NTP; users needing precompiled versions of NTP should see the links page. These releases may be installed using the standard Unix "make" command in conjunction with a compiler and all necessary libraries.

Please contact your operating system vendor for binary packages or assistance with your package-management system.

IDEA! The NTP version numbering page explains the version numbering scheme.

NTP Archives from the NTP (R&D) Project at www.ntp.org

Tarballs (for both the release and development versions) and patch files are available from the:

Obsolete versions of NTP are available from the:

ALERT! Access to the FTP archive is restricted; incoming connections from certain IP addresses are blocked by the organization hosting the NTP (R&D) Project archives. Please try the HTTP archive if you are unable to access the FTP archive.

Precompiled packages and ports to other operating systems

Third-party implementations, including pre-compiled versions for operating systems such as Microsoft Windows, and some ports of the NTP package are linked to on the links page.

Receiving Notifications about new releases

Please visit ReleaseNotifications for more information about the many options available for receiving notifications about new NTP releases.

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r29 < r28 < r27 < r26 < r25 | More topic actions
 
NTP Public Services Project
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platformCopyright © 1999-2009 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback