[ntp:security] [FICORA #829967] ntpd control message crash

Harlan Stenn stenn at nwtime.org
Thu Jun 18 15:53:48 UTC 2015


Hi Posi,

Thanks, and I hope you have a great vacation!

H

On 6/18/15 6:43 AM, Pasi Korhonen wrote:
> On 18/06/15 04:10, Harlan Stenn wrote:
>> Aleksis and Pasi,
>>
>> Thanks for the report.
>>
>> Do you folks have PGP/GPG keys?
> 
>     hi Harlan,
> 
> in general, we don't have PGP keys in use, but use another comms
> strategy: we just invited you to our wiki-based collaboration
> environment (accessed over TLS/SSL), the same that we use to forward
> found issues to NCSC-FI. I hope this will be sufficient for our
> communication needs.
> 
> You can found our findings there, add your commentary to the wiki page,
> upload files if necessary, and we can even do an XMPP chat inside the
> collab, if there's any need for realtime discussion.
> 
> You should already have received credentials in a separate email, please
> try out the collab and ask for additional help if needed.
> 
> ---
> 
> If you'd like to discuss the mechanics or reproduction of the issue at
> hand, our developer Aleksis Kauppinen is the right contact person, he
> can answer to your questions about the reported issue.
> 
> Personally, I'll be on vacation for the next 4 weeks, starting now, as
> midsummer is upon us. While I'm out of office, feel free to engage into
> a conversation with Aleksis in order to proceed with the issue.
> 
> Please let us know what you would need from our direction, and we'll
> work along from that?
> 
>     best regards,
>     Pasi Korhonen
>     Codenomicon
> 
> 
>> Thanks!
>>
>> H
>>
>> On 6/16/15 2:21 AM, NCSC-FI Vulnerability Co-ordination wrote:
>>> Hello,
>>>
>>> There seems to be a problem with ntpd 4.2.8 crashing with specific
>>> control message input. Please see the attached html file for a
>>> description of the problem, more information is included in the pcap
>>> and zip files. If you have any questions, don't hesitate to contact
>>> us, thanks.
>>>
>>>    Tapio
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> security mailing list
>>> security at lists.ntp.org
>>> http://lists.ntp.org/listinfo/security
>>>
>>
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!



More information about the security mailing list