[ntp:security] [FICORA #829967] ntpd control message crash

Harlan Stenn stenn at nwtime.org
Mon Jun 29 22:15:57 UTC 2015


http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

H

On 6/25/15 12:49 AM, NCSC-FI Vulnerability Co-ordination wrote:
> Hi,
> 
> Sorry for the late reply, Tapio just left for holidays and I just
> returned..
> 
> On 06/24/2015 05:50 PM, Harlan Stenn wrote:
>> - When we publish, what URL do we use for FICORA #829967 ?
> 
> Our advisory will most likely appear at:
> 
> https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-052.html
> 
> Due to the peculiarities of our publishing system, the number 052
> might still change, I'll keep you updated if that happens.
> 
>> - we're ready to send an announcement out to CERT-like folks about
>>  this fix, including access to the preliminary patch.  Is this
>> something FICORA can handle with us, or do we need to contact our
>> usual CERT channels?
> 
> Normally we do not engage much of our contact network related to
> vulnerability pre-announcements, but we can certainly help you with
> this. We have good and trusted working relationships within the EGC
> (European Governmental Certs group), fellow vulnerability coordinators
> (CERT/CC, JPCERT/CC) and within the Trusted Introducer network as well
> as IWWN (International Watch and Warning Network). Outside of these
> groups, we have bilateral relationships with a number of CERT actors
> as well as vendors who use NTP within their products.
> 
> What kind of distribution are you thinking about?
> 
>> We're not seeing this issue as anything particularly dangerous, so
>> we're planning to go public with it in about 48 hours' time, when
>> we release ntp-4.2.8p3.
> 
> Sounds good.
> 
> -Jussi
> 
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 670 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20150629/00ebcf9b/attachment.sig>


More information about the security mailing list