[ntp:questions] Windows Time with NTPv4

Martin Burnicki martin.burnicki at meinberg.de
Wed Mar 12 11:31:29 UTC 2008


David L. Mills wrote:
> Martin,
> Thanks for the reminder. In the six years hence the code has gone
> through a number of securiy audits and defensive adjustments, one or
> more of which might have plugged the hole. The code at time.nist.gov is
> 4.1.1b, which must be before 4.1.1c, dated 10 June 2003, and has the
> hole plugged, so the hole got plugged before that.

Hm, a search in the bitkeeper changelogs yields:

2002-08-04 (6 years) stenn 1.892
Attempt to compensate for Microsoft's protocol violations.
From: Dave Mills.

However, the most recent entry in the Changelog file from the v4.1.1b
tarball is:

ChangeSet at 1.786, 2002-02-26 22:44:34-05:00, stenn at whimsy.udel.edu
  TAG: NTP_4_1_1

Yes, the changlog still had a date stamp those days, and this one seems to
indicate that 4.1.1b has been release *before* the workaround for MS had
been introduced.

Anyway, those days the 4.1.1 versions were from the -stable branch whereas
the ntp-dev versions were 4.1.7x.

Since the workaround was added to ntp-dev it appeared (at least in the
changelog file) in the v4.1.73 tarball, which was released 2003-01-22.
So that workaround for w32time clients has never been in v4.1.1x versions,
however, it is in v4.2.0.

Looking through the changesets reveals that the workaround was modified and
finally removed in March/April 2005.

> There is talk about the code being audited by someone other than me, in
> which case the hole might get plugged again.

Maybe a comment in the code saying *why* this specific handling has been
added would prevent it from being removed. 

> Does the Meinberg workaround appear in Microsoft KB?

We've been searching for the reason of this problem with one of our
customers, and the first hint was in this news article at

This was forwarded to the German MS support who had been unable to help our
customer earlier. So finally a KB article was written on this topic. The KB
article was first used by MS internally only and then published, AFAIR in

Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont

More information about the questions mailing list