[ntp:security] [Bug 3119] Trap crash

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Nov 17 16:30:40 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3119

--- Comment #8 from Matthew Van Gundy <mvangund at cisco.com> 2016-11-17 16:30:40 UTC ---
(In reply to comment #7)
> Matt,
> 
> I'm planning to go with:
> 
>  4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
> 
> because traps are not set up by default.  Enabling traps requires root access
> (AC:H) and user interaction (UI:R) in order to create the necessary conditions
> for this bug.
> 
> Bug 3118 is a separate issue here.
> 
> I'm happy to discuss this if you disagree.

Hi Harlan,

I agree that enabling traps is AC:H... but once enabled, the preconditions are
satisfied and no further user interaction is required (UI:N).

Thanks,
Matt

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list