oss-sec mailing list archives
Re: Re: CVE to the ntp monlist DDoS issue?
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 30 Dec 2013 23:40:37 +0100
* Moritz Muehlenhoff:
On Mon, Dec 30, 2013 at 09:05:56AM -0500, cve-assign () mitre org wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1Has anyone thought about assigning a CVE to this?http://bugs.ntp.org/show_bug.cgi?id=1532 was assigned CVE-2013-5211.Shouldn't this rather be CVE-2010-XXXX ?
I don't think this was previously discussed as a security issue in public. There is a 2011 reference here that explicitly cites amplification factors, though: <http://lists.ntp.org/pipermail/pool/2011-December/005616.html> This has an odd feeling of déjà vu to me, but I suspect the previous discusssions have been on private channels of which I no longer have records.
Current thread:
- CVE to the ntp monlist DDoS issue? Mike O'Connor (Dec 30)
- Re: CVE to the ntp monlist DDoS issue? cve-assign (Dec 30)
- Re: Re: CVE to the ntp monlist DDoS issue? Moritz Muehlenhoff (Dec 30)
- Re: Re: CVE to the ntp monlist DDoS issue? Florian Weimer (Dec 30)
- Re: Re: CVE to the ntp monlist DDoS issue? Moritz Muehlenhoff (Dec 30)
- Re: CVE to the ntp monlist DDoS issue? Xin Li (Dec 30)
- Re: CVE to the ntp monlist DDoS issue? cve-assign (Dec 30)