[ntp:security] [Bug 2920] TALOS-CAN-0064: ntp_io data conversion Memory Corruption Vulnerability

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Sat Oct 3 06:26:56 UTC 2015


Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
             Status|CONFIRMED                   |IN_PROGRESS
                 CC|                            |perlinger at ntp.org
         AssignedTo|stenn at ntp.org               |perlinger at ntp.org

--- Comment #3 from Juergen Perlinger <perlinger at ntp.org> 2015-10-03 06:26:56 UTC ---
'a malicious refclock could'... and a malicious CPU could... not to mention
malicious operating systems. I have to stop here.

I would accept 'buggy clock driver'.

But the coding has definitely a signed/unsigned clash with the possibility of a
buffer overrun, so I'll fix that. But I'm not sure if this really qualifies as
security issue.

Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list