[ntp:hackers] CVE-2016-9311 and Windows

Jeremy Dilatush jdilatus at checkpoint.com
Wed Jan 4 23:52:51 UTC 2017

Hello --

Is the vulnerability CVE-2016-9311 (Sec 3119, fix released in November 2016) Windows-specific?

I see nothing in the fix code (1.3686.16.1 at bk1.ntp.org [1]) suggesting that, nor in the page at support.ntp.org [2], but the report has gone around (e.g. at https://www.kb.cert.org/vuls/id/633847) that only Windows is vulnerable.

I'm wondering if this is something that has changed, or is a misreading of the statement in the wiki regarding "1 HIGH severity vulnerability that only affects Windows" which seems to be referring to CVE-2016-9312 instead.

--- Jeremy

[1] http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=57e56dd78oiRnU9VrH-kn67zwJOoaA
[2] http://support.ntp.org/bin/view/Main/NtpBug3119
P.S. This is the third time I've sent this email.  I'm assuming there was a technical glitch, since the archives don't show any messages in this list from 23 November until the end of the year.  But if there's some other reason this hasn't shown up in the list archives, please let me know.  I'm not trying to pester the list.

More information about the hackers mailing list