[ntp:security] Cisco ASIG NTP Defect Batch 1

Matthew Van Gundy mvangund at cisco.com
Wed Oct 7 18:24:44 UTC 2015


My apologies, the attached disclosure bundle was double-gzipped.
(Apparently bsdtar iteratively gunzips until it gets a tar header.)

On 10/7/15 1:50 PM, Matthew Van Gundy wrote:
> Enclosed is a combined bundle of defect details for defects that Cisco
> ASIG has found in NTP.  Since most of the defects affect both the NTP
> and NTPSec projects, we are providing a combined bundle (with the
> affected versions clearly noted) and we will be making simultaneous
> disclosures to both the NTP and NTPSec projects.
> 
> This is our initial disclosure.  None of these defects have been
> publicly disclosed.  Please use appropriate care in handling information
> regarding these defects.  We hope to be able to coordinate a combined
> public disclosure.
> 
> Aanchal Malhotra, of Boston University, is Cc'd on this disclosure as
> two of the defects were found by Aanchal while visiting at ASIG.
> 
> For further information about Cisco's Vendor Vulnerability Reporting
> and Disclosure Policy, see:
> http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
> 
> If you have any questions, I would be happy to discuss them with you.
> 
> Thank you,
> Matt
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20151007/8efc1058/attachment-0001.sig>


More information about the security mailing list