oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request for some NTP stuff

From: Gsunde Orangen <gsunde.orangen () gmail com>
Date: Tue, 14 Apr 2015 08:55:36 +0200
This is just a "cleanup" notice for those two ntp vulnerabilities that
were resolved on Feb 4th:

On 2015-02-05, 00:03 Gsunde Orangen wrote:

Hi Kurt,

On 2015-02-04, 23:24 Kurt Seifried wrote:

I haven't seen any CVE's for these yet:



http://bugs.ntp.org/show_bug.cgi?id=2671 vallen is not validated,
leading to potential info leak

CVE-2014-9297 (according to 
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities)







http://bugs.ntp.org/show_bug.cgi?id=2655 Multiple vulnerabilities
in ntpd

This bug lists 8 different bugs, Bugs #1 - #7 are tracked in 
different ids (#7 is the one above: id=2671) The remaining bug #8 
is defined as CVE-2014-9298 as in 
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities




Note however, that the Cert VNDB 
(http://www.kb.cert.org/vuls/id/852879) uses the same CVEs for
bugs #7 and #8, but mutually exchanged! Either ntp.org or cert.org
is wrong...


cert.org was wrong but had apparently fixed it immediately after that
notice.





Thanks.


You're welcome ;-)
Previous By Date Next
Previous By Thread Next

Current thread: