[ntp:security] [Bug 2671] New: vallen is not validated, leading to potential info leak
bugzilla-daemon at ntp.org
Mon Nov 3 00:40:13 UTC 2014
http://bugs.ntp.org/show_bug.cgi?id=2671
Bug #: 2671
Summary: vallen is not validated, leading to potential info leak
Product: ntp
Version: 4.2.6
Platform: N/A
OS/Version: All
Status: CONFIRMED
Severity: critical
Priority: P2
Component: Security Bugs
AssignedTo: stenn at ntp.org
ReportedBy: stenn at ntp.org
CC: security at ntp.org, stephen.roettger at gmail.com
Blocks: 2655
Group: Security
Classification: Unclassified
Harlan Stenn <stenn at ntp.org> changed:
What  |Removed |Added
----------------------------------------------------------------------------
Flags |        |blocking4.2.6+, blocking4.2.8+
+++ This bug was initially created as a clone of Bug #2655 +++
7) Missing validation of vallen leading to various info leaks
* ntpd/ntp_crypto.c:571
* ntpd/ntp_crypto.c:1162
* ntpd/ntp_crypto.c:1559
* ntpd/ntp_crypto.c:2117
* ntpd/ntp_crypto.c:1461
fix: verify that the packet format is valid right after it was received
--
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
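
The fix proposed in the report, checking the field's format as soon as it is received, can be sketched as follows. This is an added example, not code from ntpd or from the bug report; it assumes the Autokey extension field layout of RFC 5906, and `ext_value_ok` and `sample_check` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (RFC 5906 extension field, big-endian):
 *   0 field type (16) | 2 length (16) | 4 association ID | 8 timestamp
 *  12 filestamp | 16 vallen | 20 value (padded to 4) | siglen | signature */
#define EXT_VAL_OFF 20u

static uint32_t rd16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t rd32(const uint8_t *p) { return (rd16(p) << 16) | rd16(p + 2); }

/* Hypothetical check: 1 if a value-carrying field is self-consistent, else 0.
 * avail = bytes actually received from ep to the end of the packet. */
int ext_value_ok(const uint8_t *ep, size_t avail)
{
    if (avail < EXT_VAL_OFF)
        return 0;                      /* vallen word is not even present */
    size_t len = rd16(ep + 2);
    if (len < EXT_VAL_OFF || len % 4 != 0 || len > avail)
        return 0;                      /* length field disagrees with the packet */
    size_t room = len - EXT_VAL_OFF;   /* bytes left for value and signature */
    uint32_t vallen = rd32(ep + 16);
    if (vallen > room)
        return 0;                      /* compare before rounding: no wraparound */
    size_t used = ((size_t)vallen + 3) & ~(size_t)3;
    if (used == room)
        return 1;                      /* value fills the field, no signature */
    uint32_t siglen = rd32(ep + EXT_VAL_OFF + used);
    return siglen <= room - used - 4;  /* signature must also fit */
}

/* Constructed sample: zeroed field with the given length and vallen words. */
int sample_check(uint16_t len, uint32_t vallen, size_t avail)
{
    uint8_t buf[64] = {0};
    if (avail > sizeof buf)
        return -1;                     /* sample buffer too small for this case */
    buf[2] = (uint8_t)(len >> 8);      buf[3] = (uint8_t)len;
    buf[16] = (uint8_t)(vallen >> 24); buf[17] = (uint8_t)(vallen >> 16);
    buf[18] = (uint8_t)(vallen >> 8);  buf[19] = (uint8_t)vallen;
    return ext_value_ok(buf, avail);
}

int main(void)
{
    printf("%d %d %d\n", sample_check(32, 8, 32),
           sample_check(32, 0xFFFFFFFDu, 32), sample_check(32, 8, 24));
    return 0;
}
```

Code that later copies or hashes `vallen` bytes can then rely on the value lying inside the received buffer.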