[ntp:security] [Bug 3076] [ntpd] send the overflow packet cause ntpd crash

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Oct 13 08:40:30 UTC 2016


--- Comment #3 from Harlan Stenn <stenn at ntp.org> 2016-10-13 08:40:30 UTC ---

(In reply to comment #2)
> (In reply to comment #1)
> Somehow I'm not able to reproduce the attack... It would be best if someone
> could create a binary (or base64 encoded) file that contains the raw UDP (!!)
> data to be sent via 'nc' (netcat) as it's done for bugs 3075,3082,3083.
> Trying to extract the UDP level data with wireshark from the packet capture did
> not have the desired effect -- that is, nothing happened when I threw them to
> ntpd with nc. Probably my fault, but for validation of the bug something easier
> to reproduce would be highly appreciated!


Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list