[ntp:security] Low-end memory leak DoS

Harlan Stenn stenn at nwtime.org
Thu Aug 27 03:58:14 UTC 2015


Brian,

If you could encrypt stuff like this that would be preferable.

We'll look at our direct submission for bugzilla and we'll also be
making an announcement about our general-use security PGP key soon.

Thanks!

H

On 8/26/15 7:41 PM, Brian Martin wrote:
> 
> NTP Team,
> 
> During the final testing of the last vulnerability reported, our
> engineer noticed that memory being used by ntpd was growing. With a
> crafted request, a remote attacker can leak 1500 bytes of memory.
> Looped, this can be used eventually cause serious resource issues, but
> may take a couple days. As such, we see it as a low risk issue but
> wanted to pass it along. Attached is a technical write-up and PoC to
> demonstrate it.
> 
> Brian Martin
> Tenable Security Response
> 
> 
> _______________________________________________
> security mailing list
> security at lists.ntp.org
> http://lists.ntp.org/listinfo/security
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!



More information about the security mailing list