[ntp:security] [Bug 2916] New: TALOS-CAN-0054: Memory corruption in password store

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Oct 1 10:22:19 UTC 2015


             Bug #: 2916
           Summary: TALOS-CAN-0054: Memory corruption in password store
           Product: ntp
           Version: 4.2.8
          Platform: All
        OS/Version: All
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: Security Bugs
        AssignedTo: perlinger at ntp.org
        ReportedBy: stenn at ntp.org
                CC: security at ntp.org
             Group: Security
    Classification: Unclassified

Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
              Flags|                            |blocking4.2.8+

An exploitable use-after-free vulnerability exists in the password management
functionality of the Network Time Protocol. A specially crafted key file could
cause a buffer overflow resulting in memory corruption. An attacker could
provide a malicious password file to trigger this vulnerability.

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list