[ntp:security] NTP Security Vulnerabilities issue CVE-2015-5300 :

ashish jaiswal ashu.cs178 at gmail.com
Wed Jan 6 06:13:16 UTC 2016


Hi All,

This is regarding patch submitted for NTP Security Vulnerabilities issue
mentioned in
https://bugzilla.redhat.com/show_bug.cgi?id=1271076

As per the comments, CVE-2015-5300  patch is applicable for 4.2.6 and will
be available in NTP 4.2.8. But
4.2.8p4's change log does not mention about merge history of this patch or
issue fix .

Could someone clarify more about this ? Is the patch not applicable in this
case or is it planned for
future release ?

Issue tiltle :  CVE-2015-5300 ntp: MITM attacker can force ntpd to make a
step larger than the panic threshold



References for more information  :

https://www.vulnerabilitycenter.com/#!vul=54015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300



Thanks and Regards

Ashish Jaiswal



---------- Forwarded message ----------
From: TWiki Administrator <webmaster at ntp.org>
Date: Wed, Jan 6, 2016 at 11:29 AM
Subject: TWiki password reset for Ashish Jaiswal
To: AshishJaiswal <ashu.cs178 at gmail.com>


Dear Ashish Jaiswal



Login name "AshishJaiswal"
Your password has been changed to "b7gU8roE".

If you have any questions, please contact webmaster at ntp.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20160106/73417eba/attachment.html>


More information about the security mailing list