[ntp:security] [FICORA #829967] ntpd control message crash
stenn at nwtime.org
Thu Jun 18 19:58:29 UTC 2015
I've just updated the wiki.
I hope my comments/questions are easy to find.
Is there a way I can get notification when the wiki is updated?
On 6/18/15 6:43 AM, Pasi Korhonen wrote:
> On 18/06/15 04:10, Harlan Stenn wrote:
>> Aleksis and Pasi,
>> Thanks for the report.
>> Do you folks have PGP/GPG keys?
> hi Harlan,
> in general, we don't have PGP keys in use, but use another comms
> strategy: we just invited you to our wiki-based collaboration
> environment (accessed over TLS/SSL), the same that we use to forward
> found issues to NCSC-FI. I hope this will be sufficient for our
> communication needs.
> You can found our findings there, add your commentary to the wiki page,
> upload files if necessary, and we can even do an XMPP chat inside the
> collab, if there's any need for realtime discussion.
> You should already have received credentials in a separate email, please
> try out the collab and ask for additional help if needed.
> If you'd like to discuss the mechanics or reproduction of the issue at
> hand, our developer Aleksis Kauppinen is the right contact person, he
> can answer to your questions about the reported issue.
> Personally, I'll be on vacation for the next 4 weeks, starting now, as
> midsummer is upon us. While I'm out of office, feel free to engage into
> a conversation with Aleksis in order to proceed with the issue.
> Please let us know what you would need from our direction, and we'll
> work along from that?
> best regards,
> Pasi Korhonen
>> On 6/16/15 2:21 AM, NCSC-FI Vulnerability Co-ordination wrote:
>>> There seems to be a problem with ntpd 4.2.8 crashing with specific
>>> control message input. Please see the attached html file for a
>>> description of the problem, more information is included in the pcap
>>> and zip files. If you have any questions, don't hesitate to contact
>>> us, thanks.
>>> security mailing list
>>> security at lists.ntp.org
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!
More information about the security