[ntp:security] [Bug 1300] savecfg allows writes to any part of the filesystem

Dave Hart via the NTP Bugzilla bugzilla at ntp.org
Fri Sep 11 17:35:11 UTC 2009


Additional Comments From hart at ntp.org (Dave Hart)
Submitted on 2009-09-11 17:35

(In reply to comment #6)
> Consider that there is no key exchange protocol here, in most cases the keys
> will go in clear text across the wire.

Keys don't go on the wire.  Keys are used to sign packets.  I assume ntpq's 
packets do not have a timestamp, so replay is an issue, but I don't see how 
sniffing you issuing one command will let me issue a different one.

Dave Hart <hart at ntp.org>

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the security mailing list