[ntp:security] [Bug 2913] New: [TALOS-CAN-0052] crash by loop counter underrun.

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Wed Sep 30 09:59:39 UTC 2015


http://bugs.ntp.org/show_bug.cgi?id=2913

             Bug #: 2913
           Summary: [TALOS-CAN-0052] crash by loop counter underrun.
           Product: ntp
           Version: 4.2.8
          Platform: PC
        OS/Version: All
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: Security Bugs
        AssignedTo: perlinger at ntp.org
        ReportedBy: stenn at ntp.org
                CC: security at ntp.org
             Group: Security
    Classification: Unclassified


Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |blocking4.2.8+

Created attachment 1326
  --> http://bugs.ntp.org/attachment.cgi?id=1326
Analysis

When processing a specially crafted private mode packet, an integer overflow
can
occur leading to out of bounds memory copy operation. The crafted packet needs
to have the correct message authentication code and a valid timestamp. When
processed by the NTP daemon, it leads to an immediate crash.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list