[ntp:security] [Bug 2945] 0rigin: Zero Origin Timestamp Bypass

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Fri Apr 29 08:30:57 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=2945

--- Comment #10 from Miroslav Lichvar <mlichvar at redhat.com> 2016-04-29 08:30:57 UTC ---
This doesn't seem to be fixed in 4.2.8p7. It still accepts packets with zero
origin timestamp. There is a "receive: Got 0 origin timestamp" message in
syslog, but the packet is processed as nothing was wrong, allowing the attacker
to push any offset to the client.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list