[ntp:security] [Bug 2945] 0rigin: Zero Origin Timestamp Bypass

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Tue Aug 30 23:13:23 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=2945

--- Comment #11 from Harlan Stenn <stenn at ntp.org> 2016-08-30 23:13:23 UTC ---
(In reply to comment #10)
> This doesn't seem to be fixed in 4.2.8p7. It still accepts packets with zero
> origin timestamp. There is a "receive: Got 0 origin timestamp" message in
> syslog, but the packet is processed as if nothing was wrong, allowing the attacker
> to push any offset to the client.

There are cases where a 0 origin timestamp is expected/correct.  Having said
that, there are other issues at play here, and there is additional work to be
done.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
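
The two comments above turn on when a zero origin timestamp is acceptable. The following is an added example, not ntpd code and not taken from the bug report: a mode-aware origin check on the RFC 5905 header layout. The function names, verdict enum, and `last_xmt` association state are hypothetical, and the policy (reject zero in server replies, expect it in broadcast, leave other modes undecided) is an assumption for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define NTP_HDR_LEN    48  /* RFC 5905 header, no extensions or MAC */
#define OFF_ORIGIN     24  /* origin timestamp field */
#define MODE_SERVER     4
#define MODE_BROADCAST  5

enum org_verdict { ORG_MATCH, ORG_ZERO_EXPECTED, ORG_ZERO_REJECT,
                   ORG_MISMATCH, ORG_UNHANDLED, ORG_SHORT };

/* Read a 64-bit big-endian NTP timestamp. */
static uint64_t rd64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}

/* last_xmt: transmit timestamp of our outstanding request to this source,
 * 0 when no request is outstanding (hypothetical association state). */
enum org_verdict check_origin(const uint8_t *pkt, size_t len, uint64_t last_xmt) {
    if (len < NTP_HDR_LEN) return ORG_SHORT;
    int mode = pkt[0] & 0x07;
    uint64_t org = rd64(pkt + OFF_ORIGIN);

    if (mode == MODE_BROADCAST)          /* one-way: nothing to echo */
        return org == 0 ? ORG_ZERO_EXPECTED : ORG_UNHANDLED;
    if (mode != MODE_SERVER) return ORG_UNHANDLED;

    /* Server reply: test zero first, so a zero origin can never "match"
     * a last_xmt that is itself 0 because nothing is outstanding. */
    if (org == 0) return ORG_ZERO_REJECT;
    if (last_xmt == 0 || org != last_xmt) return ORG_MISMATCH;
    return ORG_MATCH;
}

/* Build a constructed 48-byte version-4 packet and run the check on it. */
enum org_verdict check_constructed(int mode, uint64_t org, uint64_t last_xmt) {
    uint8_t pkt[NTP_HDR_LEN] = {0};
    pkt[0] = (uint8_t)((4 << 3) | (mode & 0x07));
    for (int i = 0; i < 8; i++)
        pkt[OFF_ORIGIN + i] = (uint8_t)(org >> (56 - 8 * i));
    return check_origin(pkt, sizeof pkt, last_xmt);
}

int main(void) {
    return check_constructed(MODE_SERVER, 0, 0) == ORG_ZERO_REJECT ? 0 : 1;
}
```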

