[192445] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Yet another NTP security bug we fixed before the CVE issued

daemon@ATHENA.MIT.EDU (Eric S. Raymond)
Fri Oct 28 15:45:42 2016

X-Original-To: nanog@nanog.org
Date: Fri, 28 Oct 2016 15:45:36 -0400
From: "Eric S. Raymond" <esr@thyrsus.com>
To: nanog@nanog.org
Reply-To: esr@thyrsus.com
Errors-To: nanog-bounces@nanog.org

http://forums.theregister.co.uk/forum/1/2016/10/28/researchers_tag_new_brace_of_bugs_in_ntp_but_theyre_fixable/

That'd be another CVE that NTPsec dodges before it's issued.

We removed interleaved mode months ago because the code smelled bad
and turned out to have an implementation error in the timestamp
handling.

On past performance, there'll be about a 75% chance each that we've
pre-fixed the other new security bugs.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[192445] in North American Network Operators' Group

Yet another NTP security bug we fixed before the CVE issued

daemon@ATHENA.MIT.EDU (Eric S. Raymond)Fri Oct 28 15:45:42 2016

daemon@ATHENA.MIT.EDU (Eric S. Raymond)
Fri Oct 28 15:45:42 2016