[ntp:security] [Bug 1331] DoS with mode 7 packets (CVE-2009-3563)
mayer at ntp.org
Thu Oct 8 03:16:32 UTC 2009
After review of the rate-limited logging that was suggested I have
concluded that it would be a potential problem dealing with the
"current_time" variable which has not been declared volatile and has no
locks around it for potential problems with multiple access and changes.
This kind of logging should be left to a regular release of the code
when there is time to ensure that the time used to check for
rate-limiting is atomically retrieved.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the security