[ntp:security] [Bug 2901] New: Clients that receive a KoD should validate the origin timestamp field.

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Mon Aug 24 20:20:28 UTC 2015


http://bugs.ntp.org/show_bug.cgi?id=2901

             Bug #: 2901
           Summary: Clients that receive a KoD should validate the origin
                    timestamp field.
           Product: ntp
           Version: 4.2.8
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: Security Bugs
        AssignedTo: stenn at ntp.org
        ReportedBy: msa at latt.net
                CC: security at ntp.org
    Classification: Unclassified


4.2.6p5 and 4.2.8p2/3 clients have been observed to honor any received KoD with
the source address of a sys.peer, even when the packet contains an origin
timestamp that does not match the one in the client's chime request.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list