[ntp:security] [FICORA #829967] ntpd control message crash

Harlan Stenn stenn at nwtime.org
Thu Jun 18 21:52:46 UTC 2015


Thanks, and I'd like to have this resolved before our leap-second
release at the end of the month.

H

On 6/18/15 2:54 PM, Aleksis Kauppinen wrote:
> Hi Harlan,
> 
> I just quickly updated the wiki as well. I don't actually know if there
> is a better way to notify other than this, someone else might know
> better than me. :)
> 
> I won't be at office tomorrow and I will be traveling the whole next
> week, but I'll try to find time to answer any further questions you
> might have. I'll be fully back in business on Tuesday 30.6. and will get
> to this then the latest. Sorry for the inconvenience.
> 
> - Aleksis Kauppinen
> 
> On 18.6.2015 22:58, Harlan Stenn wrote:
>> Hi folks,
>>
>> I've just updated the wiki.
>>
>> I hope my comments/questions are easy to find.
>>
>> Is there a way I can get notification when the wiki is updated?
>>
>> Thanks!
>>
>> H
>>
>> On 6/18/15 6:43 AM, Pasi Korhonen wrote:
>>> On 18/06/15 04:10, Harlan Stenn wrote:
>>>> Aleksis and Pasi,
>>>>
>>>> Thanks for the report.
>>>>
>>>> Do you folks have PGP/GPG keys?
>>>
>>>      hi Harlan,
>>>
>>> in general, we don't have PGP keys in use, but use another comms
>>> strategy: we just invited you to our wiki-based collaboration
>>> environment (accessed over TLS/SSL), the same that we use to forward
>>> found issues to NCSC-FI. I hope this will be sufficient for our
>>> communication needs.
>>>
>>> You can found our findings there, add your commentary to the wiki page,
>>> upload files if necessary, and we can even do an XMPP chat inside the
>>> collab, if there's any need for realtime discussion.
>>>
>>> You should already have received credentials in a separate email, please
>>> try out the collab and ask for additional help if needed.
>>>
>>> ---
>>>
>>> If you'd like to discuss the mechanics or reproduction of the issue at
>>> hand, our developer Aleksis Kauppinen is the right contact person, he
>>> can answer to your questions about the reported issue.
>>>
>>> Personally, I'll be on vacation for the next 4 weeks, starting now, as
>>> midsummer is upon us. While I'm out of office, feel free to engage into
>>> a conversation with Aleksis in order to proceed with the issue.
>>>
>>> Please let us know what you would need from our direction, and we'll
>>> work along from that?
>>>
>>>      best regards,
>>>      Pasi Korhonen
>>>      Codenomicon
>>>
>>>
>>>> Thanks!
>>>>
>>>> H
>>>>
>>>> On 6/16/15 2:21 AM, NCSC-FI Vulnerability Co-ordination wrote:
>>>>> Hello,
>>>>>
>>>>> There seems to be a problem with ntpd 4.2.8 crashing with specific
>>>>> control message input. Please see the attached html file for a
>>>>> description of the problem, more information is included in the pcap
>>>>> and zip files. If you have any questions, don't hesitate to contact
>>>>> us, thanks.
>>>>>
>>>>>     Tapio
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> security mailing list
>>>>> security at lists.ntp.org
>>>>> http://lists.ntp.org/listinfo/security
>>>>>
>>>>
>>>
>>
> 
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!



More information about the security mailing list