[ntp:security] [Bug 3007] New: Check to see if crypto-NAK is valid

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Tue Feb 2 16:00:45 UTC 2016


             Bug #: 3007
           Summary: Check to see if crypto-NAK is valid
           Product: ntp
           Version: 4.2.8
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: major
          Priority: P5
         Component: Security Bugs
        AssignedTo: stenn at ntp.org
        ReportedBy: mayer at ntp.org
                CC: security at ntp.org
             Group: Security
    Classification: Unclassified

Danny Mayer <mayer at ntp.org> changed:

           What    |Removed                     |Added
              Flags|                            |blocking4.2.8?

When ntpd receives a crypto-NAK packet it needs to check if the association is
doing authentication whether autokey or privatekey and if not if should not
unpeer the association and must drop the packet. If there is authentication
then the extension should be checked to see if it is all 0's.

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list