[ntp:security] [Bug 2901] Clients that receive a KoD should validate the origin timestamp field.

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Jan 21 09:25:35 UTC 2016


Miroslav Lichvar <mlichvar at redhat.com> changed:

           What    |Removed                     |Added
                 CC|                            |mlichvar at redhat.com

--- Comment #12 from Miroslav Lichvar <mlichvar at redhat.com> 2016-01-21 09:25:35 UTC ---
As discussed on the ntp hackers list couple months ago, this issue doesn't seem
to be fully fixed. When the TEST3 check performed on the transmit timestamp
fails, the TEST2 check is skipped and a KoD reply is accepted even when its
origin timestamp doesn't match the transmit timestamp from the request.

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list