[ntp:security] [SECUNIA] NTPD Vulnerability

Secunia Research vuln at secunia.com
Tue Nov 29 13:19:09 UTC 2016


Hello,

 

We have noticed a public vulnerability report [1] for NTPD and are currently
evaluating it to publish a Secunia Advisory to protect customers using your
product.

 

For the benefit of our mutual customers, we would really appreciate to
receive your comments to make our advisory as accurate as possible.

 

* Can you confirm the reported vulnerability?

* Which versions are affected?

* Are there any mitigating factors or requirements for exploitation?

* When do you expect to release a fix?

 

Thank you in advance and with best regards.

 

[1] -
https://packetstormsecurity.com/files/139900/Linux-ntpd-4.2.8-derive_nonce-S
tack-Overflow.html

 

---------------------------------------------------------------

Eradat-mand / Med venlig hilsen / Kind Regards,

 

Hossein Lotfi

 

Senior Information Security Specialist

 

Secunia Research at Flexera Software

 

Rued Langgaardsvej 8

2300 Copenhagen S

Denmark

 

Phone +45 7020 5144

Fax +45 7020 5145

 

http://www.flexerasoftware.com

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20161129/cba816fe/attachment.html>


More information about the security mailing list