oss-sec mailing list archives
Re: CVE request for some NTP stuff
From: Gsunde Orangen <gsunde.orangen () gmail com>
Date: Thu, 05 Feb 2015 00:03:29 +0100
Hi Kurt,

On 2015-02-04, 23:24 Kurt Seifried wrote:
> I haven't seen any CVE's for these yet:
>
> http://bugs.ntp.org/show_bug.cgi?id=2671
> vallen is not validated, leading to potential info leak

CVE-2014-9297 (according to
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities)

> http://bugs.ntp.org/show_bug.cgi?id=2655
> Multiple vulnerabilities in ntpd

This bug lists 8 different bugs. Bugs #1 - #7 are tracked in different ids (#7 is the one above: id=2671).
The remaining bug #8 is defined as CVE-2014-9298 as in
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

Note, however, that the Cert VNDB (http://www.kb.cert.org/vuls/id/852879) uses the same CVEs for bugs #7 and #8, but mutually exchanged! Either ntp.org or cert.org is wrong...

> Thanks.

You're welcome ;-)