[ntp:security] [Bug 2655] Multiple vulnerabilities in ntpd

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Mon Nov 3 00:41:02 UTC 2014


http://bugs.ntp.org/show_bug.cgi?id=2655

--- Comment #12 from Harlan Stenn <stenn at ntp.org> 2014-11-03 00:41:02 UTC ---
(In reply to comment #4)

> 7) Missing validation of vallen leading to various info leaks
> * ntpd/ntp_crypto.c:571
> * ntpd/ntp_crypto.c:1162
> * ntpd/ntp_crypto.c:1559
> * ntpd/ntp_crypto.c:2117
> * ntpd/ntp_crypto.c:1461
>  fix: verify that the packet format is valid right after it was received

This issue is being tracked in bug 2671.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list