[ntp:security] [Bug 3082] Remote pre-authentication single packet denial of service vulnerability caused by null pointer dereference in _IO_str_init_static_internal()

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Tue Jul 5 21:19:54 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3082

Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P2                          |P5
             Status|IN_PROGRESS                 |READY
           Severity|critical                    |enhancement

--- Comment #4 from Juergen Perlinger <perlinger at ntp.org> 2016-07-05 21:19:54 UTC ---
Added more strict evaluation of the request packet 'read_mru_list()'.

The repo is in
  psp.ntp.org:~perlinger/ntp-stable-3082

This effectively fixes bug 3075, too.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list