[ntp:security] Security Vulnerability Notification in NTP daemon

Harlan Stenn stenn at ntp.org
Thu Feb 26 17:57:37 UTC 2009


Fergal,

Thanks, I'm looking forward to the call.

H
--
> Harlan,
> 
> =20
> 
> We will talk to you at 12 on Friday. Conf bridge ID and internet meeting
> URL details are below **.
> 
> =20
> 
> I'm sorry but the 4.2.4p5 scan won't be finished before the call. After
> reviewing the results we ask the project to mitigate the flaws and
> resubmit the application for an additional scan. The results of this
> scan will be released to our customer. We should decide tomorrow what
> version will be best to scan next.
> 
> =20
> 
> Talk to you tomorrow,
> 
> =20
> 
> Fergal
> 
> =20
> 
> =20
> 
> **Meeting details
> 
> =20
> 
> Dial-in:                 888-272-7337
> 
> International:   +1-303-928-2688
> 
> Conf ID:                2303739
> 
> =20
> 
> Fergal Glynn has invited you to attend an online meeting using Live
> Meeting.
> Join the meeting.
> <https://www.livemeeting.com/cc/veracode/join?id=3DF72JMB&role=3Dattend&p=
> w=3Dt
> nnF%5E%7B5>=20
> 
> =20
> 
> Copy this address and paste it into your web browser:=20
> https://www.livemeeting.com/cc/veracode/join=20
> 
> Copy and paste the required information:=20
> Meeting ID: F72JMB=20
> Entry Code: tnnF^{5
> 
> =20
> 
> =20
> 
> =20
> 
> =20
> 
> =20
> 
> -----Original Message-----
> From: Harlan Stenn [mailto:stenn at ntp.org]=20
> Sent: Thursday, February 26, 2009 1:14 AM
> To: Fergal Glynn
> Cc: Harlan Stenn; security at ntp.org
> Subject: Re: [ntp:security] Security Vulnerability Notification in NTP
> daemon=20
> 
> =20
> 
> Hi Fergal,
> 
> =20
> 
> > I'm glad you accessed the results. Can we try and do a quick call
> later
> 
> > in the week? I'd like to get your input on our analysis and discuss
> 
> > scanning a newer build. In terms of acknowledging Veracode's efforts,
> we
> 
> > would like to get your rating up to an A and then do a joint
> statement.
> 
> >=20
> 
> > Does Friday at 3 work?  That would be 12 noon your time?
> 
> =20
> 
> Yes, that will be fine.  Is there a chance the scan of 4.2.4p5 will be
> 
> finished by then?
> 
> =20
> 
> I'm hoping to release 4.2.6 soon, and that will come from the latest
> 
> ntp-dev code.  How difficult would it be to get that code scanned?
> 
> =20
> 
> Thanks...
> 
> =20
> 
> H
> 
> 
> ------_=_NextPart_001_01C99827.FDF62016
> Content-Type: text/html;
> 	charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> 
> <html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
> xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
> xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
> xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
> xmlns=3D"http://www.w3.org/TR/REC-html40">
> 
> <head>
> <meta http-equiv=3DContent-Type content=3D"text/html; =
> charset=3Dus-ascii">
> <meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
> <style>
> <!--
>  /* Font Definitions */
>  @font-face
> 	{font-family:Calibri;
> 	panose-1:2 15 5 2 2 2 4 3 2 4;}
> @font-face
> 	{font-family:Tahoma;
> 	panose-1:2 11 6 4 3 5 4 4 2 4;}
> @font-face
> 	{font-family:Consolas;
> 	panose-1:2 11 6 9 2 2 4 3 2 4;}
>  /* Style Definitions */
>  p.MsoNormal, li.MsoNormal, div.MsoNormal
> 	{margin:0in;
> 	margin-bottom:.0001pt;
> 	font-size:11.0pt;
> 	font-family:"Calibri","sans-serif";}
> a:link, span.MsoHyperlink
> 	{mso-style-priority:99;
> 	color:blue;
> 	text-decoration:underline;}
> a:visited, span.MsoHyperlinkFollowed
> 	{mso-style-priority:99;
> 	color:purple;
> 	text-decoration:underline;}
> p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
> 	{mso-style-priority:99;
> 	mso-style-link:"Plain Text Char";
> 	margin:0in;
> 	margin-bottom:.0001pt;
> 	font-size:10.5pt;
> 	font-family:Consolas;}
> span.PlainTextChar
> 	{mso-style-name:"Plain Text Char";
> 	mso-style-priority:99;
> 	mso-style-link:"Plain Text";
> 	font-family:Consolas;}
> span.EmailStyle19
> 	{mso-style-type:personal;
> 	font-family:"Arial","sans-serif";}
> .MsoChpDefault
> 	{mso-style-type:export-only;}
> @page Section1
> 	{size:8.5in 11.0in;
> 	margin:1.0in 1.0in 1.0in 1.0in;}
> div.Section1
> 	{page:Section1;}
>  /* List Definitions */
>  @list l0
> 	{mso-list-id:1109348745;
> 	mso-list-type:simple;
> 	mso-list-template-ids:-1943890862;}
> @list l0:level1
> 	{mso-level-tab-stop:none;
> 	mso-level-number-position:left;
> 	mso-level-legacy:yes;
> 	mso-level-legacy-indent:.25in;
> 	mso-level-legacy-space:0in;
> 	margin-left:0in;
> 	text-indent:0in;
> 	font-family:"Times New Roman","serif";}
> @list l1
> 	{mso-list-id:1950048123;
> 	mso-list-type:hybrid;
> 	mso-list-template-ids:-1780312216 1925610090 67698691 67698693 67698689
>  =
> 67698691 67698693 67698689 67698691 67698693;}
> @list l1:level1
> 	{mso-level-start-at:0;
> 	mso-level-number-format:bullet;
> 	mso-level-text:\F0B7;
> 	mso-level-tab-stop:none;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;
> 	font-family:Symbol;
> 	mso-fareast-font-family:"Times New Roman";
> 	mso-bidi-font-family:"Times New Roman";}
> @list l1:level2
> 	{mso-level-tab-stop:1.0in;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;}
> @list l1:level3
> 	{mso-level-tab-stop:1.5in;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;}
> @list l1:level4
> 	{mso-level-tab-stop:2.0in;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;}
> @list l1:level5
> 	{mso-level-tab-stop:2.5in;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;}
> @list l1:level6
> 	{mso-level-tab-stop:3.0in;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;}
> @list l1:level7
> 	{mso-level-tab-stop:3.5in;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;}
> @list l1:level8
> 	{mso-level-tab-stop:4.0in;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;}
> @list l1:level9
> 	{mso-level-tab-stop:4.5in;
> 	mso-level-number-position:left;
> 	text-indent:-.25in;}
> ol
> 	{margin-bottom:0in;}
> ul
> 	{margin-bottom:0in;}
> -->
> </style>
> <!--[if gte mso 9]><xml>
>  <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
> </xml><![endif]--><!--[if gte mso 9]><xml>
>  <o:shapelayout v:ext=3D"edit">
>   <o:idmap v:ext=3D"edit" data=3D"1" />
>  </o:shapelayout></xml><![endif]-->
> </head>
> 
> <body lang=3DEN-US link=3Dblue vlink=3Dpurple>
> 
> <div class=3DSection1>
> 
> <p class=3DMsoPlainText>Harlan,<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>We will talk to you at 12 on Friday. Conf bridge =
> ID and
> internet meeting URL details are below **.<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>I&#8217;m sorry but the 4.2.4p5 scan won&#8217;t =
> be
> finished before the call. After reviewing the results we ask the project =
> to
> mitigate the flaws and resubmit the application for an additional scan. =
> The
> results of this scan will be released to our customer. We should decide
> tomorrow what version will be best to scan next.<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>Talk to you tomorrow,<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>Fergal<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>**Meeting details<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoNormal>Dial-in:
> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;
> 8<span style=3D'color:#1F497D'>88</span>-272-7337<o:p></o:p></p>
> 
> <p class=3DMsoNormal>International: &nbsp; =
> +1-303-928-2688<o:p></o:p></p>
> 
> <p class=3DMsoNormal>Conf
> ID:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
> p;&nbsp;&nbsp;&nbsp;
> 2303739<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText><span =
> style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Fergal
> Glynn has invited you to attend an online meeting using Live =
> Meeting.</span><span
> style=3D'font-size:12.0pt;font-family:"Arial","sans-serif"'><br>
> </span><b><span =
> style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'><a
> href=3D"https://www.livemeeting.com/cc/veracode/join?id=3DF72JMB&amp;role=
> =3Dattend&amp;pw=3DtnnF%5E%7B5"><span
> style=3D'color:blue'>Join the =
> meeting.</span></a></span></b><o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoNormal style=3D'text-autospace:none'><span =
> style=3D'font-size:10.0pt;
> font-family:"Tahoma","sans-serif"'>Copy this address and paste it into =
> your web
> browser: </span><span =
> style=3D'font-size:12.0pt;font-family:"Arial","sans-serif"'><br>
> </span><span =
> style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'><a
> href=3D"https://www.livemeeting.com/cc/veracode/join">https://www.livemee=
> ting.com/cc/veracode/join</a>
> </span><span =
> style=3D'font-size:12.0pt;font-family:"Arial","sans-serif"'><o:p></o:p></=
> span></p>
> 
> <p class=3DMsoPlainText><span =
> style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Copy
> and paste the required information: </span><span =
> style=3D'font-size:12.0pt;
> font-family:"Arial","sans-serif"'><br>
> </span><span =
> style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Meeting
> ID: F72JMB </span><span =
> style=3D'font-size:12.0pt;font-family:"Arial","sans-serif"'><br>
> </span><span =
> style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Entry
> Code: tnnF^{5</span><o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>-----Original Message-----<br>
> From: Harlan Stenn [mailto:stenn at ntp.org] <br>
> Sent: Thursday, February 26, 2009 1:14 AM<br>
> To: Fergal Glynn<br>
> Cc: Harlan Stenn; security at ntp.org<br>
> Subject: Re: [ntp:security] Security Vulnerability Notification in NTP =
> daemon <o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>Hi Fergal,<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>&gt; I'm glad you accessed the results. Can we =
> try and do
> a quick call later<o:p></o:p></p>
> 
> <p class=3DMsoPlainText>&gt; in the week? I'd like to get your input on =
> our
> analysis and discuss<o:p></o:p></p>
> 
> <p class=3DMsoPlainText>&gt; scanning a newer build. In terms of =
> acknowledging
> Veracode's efforts, we<o:p></o:p></p>
> 
> <p class=3DMsoPlainText>&gt; would like to get your rating up to an A =
> and then do
> a joint statement.<o:p></o:p></p>
> 
> <p class=3DMsoPlainText>&gt; <o:p></o:p></p>
> 
> <p class=3DMsoPlainText>&gt; Does Friday at 3 work?&nbsp; That would be =
> 12 noon
> your time?<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>Yes, that will be fine.&nbsp; Is there a chance =
> the scan
> of 4.2.4p5 will be<o:p></o:p></p>
> 
> <p class=3DMsoPlainText>finished by then?<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>I'm hoping to release 4.2.6 soon, and that will =
> come from
> the latest<o:p></o:p></p>
> 
> <p class=3DMsoPlainText>ntp-dev code.&nbsp; How difficult would it be to =
> get that
> code scanned?<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>Thanks...<o:p></o:p></p>
> 
> <p class=3DMsoPlainText><o:p>&nbsp;</o:p></p>
> 
> <p class=3DMsoPlainText>H<o:p></o:p></p>
> 
> </div>
> 
> </body>
> 
> </html>
> 
> ------_=_NextPart_001_01C99827.FDF62016--


More information about the security mailing list