[ntp:security] [Bug 2945] 0rigin: Zero Origin Timestamp Bypass

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Sat Oct 17 21:38:46 UTC 2015


Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
             Status|IN_PROGRESS                 |READY

--- Comment #2 from Juergen Perlinger <perlinger at ntp.org> 2015-10-17 21:38:46 UTC ---
The repo is in


Now the packet is dropped as bogus when the origin time stamp is zero or the
packet origin does not match the peer origin. This does what the check
originally intended -- drop unwanted reply packets.

I guess the original assumption was that no server would send a zero origin
time stamp. Which is probably true for servers, but it's easy to create network

Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list