[ntp:hackers] CVE-2013-5211

Harlan Stenn stenn at ntp.org
Wed Jan 8 20:16:42 UTC 2014


David Malone writes:
> I've changed my scripts so that it will either use an rv query or
> an ntpdate query, depending on what the host will respond to, and
> I'm getting much higher response rates now. It seems that the sntp
> program doesn't print out the value of the leap bits, even in debug
> mode, so I can't use it at the moment.

What would you like sntp to do?

In sntp/networking.c we check to make sure any response we consider is
not LEAP_NOTINSYNC.  But yeah, we don't otherwise report any leap status
information.

H


More information about the hackers mailing list