[ntp:security] NTP Security Vulnerabilities issue CVE-2015-5300 :

ashish jaiswal ashu.cs178 at gmail.com
Wed Jan 6 19:39:10 UTC 2016


Hi Harlan ,

Thank you for your quick response.

Please can you tell me the approximate schedule for that patch availability.


Thanks and Regards,
Ashish























Thanks and Regards

Ashish Jaiswal

On Wed, Jan 6, 2016 at 3:39 PM, Harlan Stenn <stenn at nwtime.org> wrote:

> Hi Ashish,
>
> I believe the patch from Red Hat is incomplete and does not properly fix
> the problem for any version of NTP-4.
>
> We will soon be publishing our patch for this issue.
>
> If you are asking this because your company or your company's customers
> rely on NTP for accurate time, I urge you to work towards having your
> company and, if appropriate, your customers to become members of Network
> Time Foundation's NTP Consortium.  Institutional members get early
> notification of security problems, and members at the Partner and
> Premier level get early access to security patches.
>
> H
>
> On 1/5/16 10:13 PM, ashish jaiswal wrote:
> > Hi All,
> >
> > This is regarding patch submitted for NTP Security Vulnerabilities issue
> > mentioned in
> > https://bugzilla.redhat.com/show_bug.cgi?id=1271076
> >
> > As per the comments, CVE-2015-5300  patch is applicable for 4.2.6 and
> will
> > be available in NTP 4.2.8. But
> > 4.2.8p4's change log does not mention about merge history of this patch
> or
> > issue fix .
> >
> > Could someone clarify more about this ? Is the patch not applicable in
> this
> > case or is it planned for
> > future release ?
> >
> > Issue tiltle :  CVE-2015-5300 ntp: MITM attacker can force ntpd to make a
> > step larger than the panic threshold
> >
> >
> >
> > References for more information  :
> >
> > https://www.vulnerabilitycenter.com/#!vul=54015
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
> >
> >
> >
> > Thanks and Regards
> >
> > Ashish Jaiswal
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: TWiki Administrator <webmaster at ntp.org>
> > Date: Wed, Jan 6, 2016 at 11:29 AM
> > Subject: TWiki password reset for Ashish Jaiswal
> > To: AshishJaiswal <ashu.cs178 at gmail.com>
> >
> >
> > Dear Ashish Jaiswal
> >
> >
> >
> > Login name "AshishJaiswal"
> > Your password has been changed to "b7gU8roE".
> >
> > If you have any questions, please contact webmaster at ntp.org.
> >
> >
> >
> > _______________________________________________
> > security mailing list
> > security at lists.ntp.org
> > http://lists.ntp.org/listinfo/security
> >
>
> --
> Harlan Stenn <stenn at nwtime.org>
> http://networktimefoundation.org - be a member!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20160107/59b80523/attachment.html>


More information about the security mailing list