nanog mailing list archives
Yet another NTP security bug we fixed before the CVE issued
From: "Eric S. Raymond" <esr () thyrsus com>
Date: Fri, 28 Oct 2016 15:45:36 -0400
http://forums.theregister.co.uk/forum/1/2016/10/28/researchers_tag_new_brace_of_bugs_in_ntp_but_theyre_fixable/ That'd be another CVE that NTPsec dodges before it's issued. We removed interleaved mode months ago because the code smelled bad and turned out to have an implementation error in the timestamp handling. On past performance, there'll be about a 75% chance each that we've pre-fixed the other new security bugs. -- <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
Current thread:
- Yet another NTP security bug we fixed before the CVE issued Eric S. Raymond (Oct 28)
- Re: Yet another NTP security bug we fixed before the CVE issued Harlan Stenn (Oct 28)
- Re: Yet another NTP security bug we fixed before the CVE issued Eric S. Raymond (Oct 28)
- Re: Yet another NTP security bug we fixed before the CVE issued Harlan Stenn (Oct 28)