[ntp:security] Cisco ASIG NTP Defect Batch 1

Matthew Van Gundy mvangund at cisco.com
Wed Oct 7 17:50:38 UTC 2015


Enclosed is a combined bundle of defect details for defects that Cisco
ASIG has found in NTP.  Since most of the defects affect both the NTP
and NTPSec projects, we are providing a combined bundle (with the
affected versions clearly noted) and we will be making simultaneous
disclosures to both the NTP and NTPSec projects.

This is our initial disclosure.  None of these defects have been
publicly disclosed.  Please use appropriate care in handling information
regarding these defects.  We hope to be able to coordinate a combined
public disclosure.

Aanchal Malhotra, of Boston University, is Cc'd on this disclosure as
two of the defects were found by Aanchal while visiting at ASIG.

For further information about Cisco's Vendor Vulnerability Reporting
and Disclosure Policy, see:
http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html

If you have any questions, I would be happy to discuss them with you.

Thank you,
Matt

-- 
Matthew Van Gundy, Technical Leader
Advanced Security Initiatives Group
Cisco Systems, Inc.

work. +1 (865) 288-6495
cell. +1 (805) 699-6134
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asig-ntp-defects-01.tar.gz.gpg
Type: application/octet-stream
Size: 50110 bytes
Desc: not available
URL: <http://lists.ntp.org/private/security/attachments/20151007/67912d13/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20151007/67912d13/attachment-0001.sig>


More information about the security mailing list