[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yet another NTP security bug we fixed before the CVE issued

Subject: Yet another NTP security bug we fixed before the CVE issued
From: esr at thyrsus.com (Eric S. Raymond)
Date: Fri, 28 Oct 2016 15:45:36 -0400

http://forums.theregister.co.uk/forum/1/2016/10/28/researchers_tag_new_brace_of_bugs_in_ntp_but_theyre_fixable/

That'd be another CVE that NTPsec dodges before it's issued.

We removed interleaved mode months ago because the code smelled bad
and turned out to have an implementation error in the timestamp
handling.

On past performance, there'll be about a 75% chance each that we've
pre-fixed the other new security bugs.
-- 
		<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>

Follow-Ups:
- Yet another NTP security bug we fixed before the CVE issued
  - From: stenn at ntp.org (Harlan Stenn)

Prev by Date: CenturyLink in Advanced Talks to Merge With Level 3 Communications - Interweb is doomed
Next by Date: CenturyLink in Advanced Talks to Merge With Level 3 Communications - Interweb is doomed
Previous by thread: Need to reach someone in Bell Canada
Next by thread: Yet another NTP security bug we fixed before the CVE issued
Index(es):
- Date
- Thread