[ntp:security] [FICORA #829967] ntpd control message crash

Aleksis Kauppinen aleksis.kauppinen at codenomicon.com
Thu Jun 18 21:54:18 UTC 2015


Hi Harlan,

I just quickly updated the wiki as well. I don't actually know if there 
is a better way to notify other than this, someone else might know 
better than me. :)

I won't be at office tomorrow and I will be traveling the whole next 
week, but I'll try to find time to answer any further questions you 
might have. I'll be fully back in business on Tuesday 30.6. and will get 
to this then the latest. Sorry for the inconvenience.

- Aleksis Kauppinen

On 18.6.2015 22:58, Harlan Stenn wrote:
> Hi folks,
>
> I've just updated the wiki.
>
> I hope my comments/questions are easy to find.
>
> Is there a way I can get notification when the wiki is updated?
>
> Thanks!
>
> H
>
> On 6/18/15 6:43 AM, Pasi Korhonen wrote:
>> On 18/06/15 04:10, Harlan Stenn wrote:
>>> Aleksis and Pasi,
>>>
>>> Thanks for the report.
>>>
>>> Do you folks have PGP/GPG keys?
>>
>>      hi Harlan,
>>
>> in general, we don't have PGP keys in use, but use another comms
>> strategy: we just invited you to our wiki-based collaboration
>> environment (accessed over TLS/SSL), the same that we use to forward
>> found issues to NCSC-FI. I hope this will be sufficient for our
>> communication needs.
>>
>> You can found our findings there, add your commentary to the wiki page,
>> upload files if necessary, and we can even do an XMPP chat inside the
>> collab, if there's any need for realtime discussion.
>>
>> You should already have received credentials in a separate email, please
>> try out the collab and ask for additional help if needed.
>>
>> ---
>>
>> If you'd like to discuss the mechanics or reproduction of the issue at
>> hand, our developer Aleksis Kauppinen is the right contact person, he
>> can answer to your questions about the reported issue.
>>
>> Personally, I'll be on vacation for the next 4 weeks, starting now, as
>> midsummer is upon us. While I'm out of office, feel free to engage into
>> a conversation with Aleksis in order to proceed with the issue.
>>
>> Please let us know what you would need from our direction, and we'll
>> work along from that?
>>
>>      best regards,
>>      Pasi Korhonen
>>      Codenomicon
>>
>>
>>> Thanks!
>>>
>>> H
>>>
>>> On 6/16/15 2:21 AM, NCSC-FI Vulnerability Co-ordination wrote:
>>>> Hello,
>>>>
>>>> There seems to be a problem with ntpd 4.2.8 crashing with specific
>>>> control message input. Please see the attached html file for a
>>>> description of the problem, more information is included in the pcap
>>>> and zip files. If you have any questions, don't hesitate to contact
>>>> us, thanks.
>>>>
>>>>     Tapio
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> security mailing list
>>>> security at lists.ntp.org
>>>> http://lists.ntp.org/listinfo/security
>>>>
>>>
>>
>



More information about the security mailing list