[ntp:security] [Bug 1300] savecfg allows writes to any part of the filesystem
Dave Hart via the NTP Bugzilla
bugzilla at ntp.org
Fri Sep 11 17:35:11 UTC 2009
http://bugs.ntp.org/1300
----------------------------------------------------------------------------
Additional Comments From hart at ntp.org (Dave Hart)
Submitted on 2009-09-11 17:35
(In reply to comment #6)
> Consider that there is no key exchange protocol here, in most cases the keys
> will go in clear text across the wire.
Keys don't go on the wire. Keys are used to sign packets. I assume ntpq's
packets do not have a timestamp, so replay is an issue, but I don't see how
sniffing you issuing one command will let me issue a different one.
--
Dave Hart <hart at ntp.org>
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the security
mailing list