[ntp:security] Potential issue with patch for ctl_putdata overflow

Florian Weimer fweimer at redhat.com
Fri Dec 19 10:54:59 UTC 2014


Hi,

this patch:

<http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg>

seems to introduce a packet amplifier (multiple response packets to a 
single query packet).  As a result, it might protect the host running 
ntpd, but it endangers the rest of the Internet.  Could you please 
provide a better fix?

Thanks,
Florian
-- 
Florian Weimer / Red Hat Product Security

