[ntp:security] recent Stack Overflow vulnerability posted

Brian Martin brian at opensecurityfoundation.org
Fri Dec 9 21:07:47 UTC 2016


NTP Security,

Recently, a vulnerability was posted about ntpd [1] and shortly after, 
someone else appears to have verified the same issue [2]. However, 
something about these reports seems off to several of us and we were 
wondering if you were aware of them, and if so, have you validated the 
finding?

Thank you,

Brian Martin
OSF / CVE Board


[1] 
https://packetstormsecurity.com/files/139900/Linux-ntpd-4.2.8-derive_nonce-Stack-Overflow.html
[2] 
https://packetstormsecurity.com/files/139962/ntpd-4.2.8-Stack-Overflow-Proof-Of-Concept.html


More information about the security mailing list