[ntp:security] [SECUNIA] NTPD Vulnerability

Harlan Stenn stenn at nwtime.org
Wed Nov 30 10:00:34 UTC 2016



On 11/29/16 5:19 AM, Secunia Research wrote:
> Hello,
> 
>  
> 
> We have noticed a public vulnerability report [1] for NTPD and are currently
> evaluating it to publish a Secunia Advisory to protect customers using your
> product.
> 
>  
> 
> For the benefit of our mutual customers, we would really appreciate to
> receive your comments to make our advisory as accurate as possible.
> 
>  
> 
> * Can you confirm the reported vulnerability?

We have not been able to reproduce this issue with ntp-4.2.8p9.

> * Which versions are affected?

No idea - the public vulnerability[1] was apparently never reported to us.

> * Are there any mitigating factors or requirements for exploitation?

No idea yet - we have been unable to reproduce the problem.

> * When do you expect to release a fix?

At the moment we show nothing needs to be fixed.  But we're doing more
checking.

Thanks!

H
--
>  
> 
> Thank you in advance and with best regards.
> 
>  
> 
> [1] -
> https://packetstormsecurity.com/files/139900/Linux-ntpd-4.2.8-derive_nonce-S
> tack-Overflow.html
> 
>  
> 
> ---------------------------------------------------------------
> 
> Eradat-mand / Med venlig hilsen / Kind Regards,
> 
>  
> 
> Hossein Lotfi
> 
>  
> 
> Senior Information Security Specialist
> 
>  
> 
> Secunia Research at Flexera Software
> 
>  
> 
> Rued Langgaardsvej 8
> 
> 2300 Copenhagen S
> 
> Denmark
> 
>  
> 
> Phone +45 7020 5144
> 
> Fax +45 7020 5145
> 
>  
> 
> http://www.flexerasoftware.com
> 
>  
> 
>  
> 
>  
> 
> 
> 
> 
> _______________________________________________
> security mailing list
> security at lists.ntp.org
> http://lists.ntp.org/listinfo/security
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!



More information about the security mailing list