[ntp:security] [Bug 2655] Multiple vulnerabilities in ntpd

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Fri Sep 12 08:37:53 UTC 2014


https://bugs.ntp.org/show_bug.cgi?id=2655

--- Comment #2 from Stephen Röttger <stephen.roettger at gmail.com> 2014-09-12 08:37:53 UTC ---
I just noticed the following is no issue:
ntpd/ntp_control.c:2095 <ctl_getitem> (possible infoleak)
The pointer that is passed out of the function is to a static buffer and thus
not on the stack.
But this doesn't affect the RCE vulnerabilities.

-- 
Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list