[ntp:security] [Bug 1300] savecfg allows writes to any part of the filesystem

Dave Hart via the NTP Bugzilla bugzilla at ntp.org
Fri Sep 11 17:35:11 UTC 2009


http://bugs.ntp.org/1300



----------------------------------------------------------------------------
Additional Comments From hart at ntp.org (Dave Hart)
Submitted on 2009-09-11 17:35

(In reply to comment #6)
> Consider that there is no key exchange protocol here, in most cases the keys
> will go in clear text across the wire.

Keys don't go on the wire.  Keys are used to sign packets.  I assume ntpq's 
packets do not have a timestamp, so replay is an issue, but I don't see how 
sniffing you issuing one command will let me issue a different one.

-- 
Dave Hart <hart at ntp.org>



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


More information about the security mailing list