[ntp:security] [Bug 3044] Processing spoofed server packets

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Jun 2 18:14:58 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3044

Daniel Franke <dfoxfranke at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dfoxfranke at gmail.com

--- Comment #4 from Daniel Franke <dfoxfranke at gmail.com> 2016-06-02 18:14:58 UTC ---
The security advisory for this bug references "An attacker who is able to spoof
packets with *correct* origin timestamps" (emphasis added). Was that what you
intended? It appears to me that the reason for this issue is that *incorrect*
origin timestamps can slip through. In particular, receive() sets TEST3 when
the origin timestamp is zero and TEST2 when the origin timestamp is
nonzero-but-bogus, but the first place these bits necessarily abort further
handling is in process_packet().

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list