[ntp:security] [Bug 3082] Remote pre-authentication single packet denial of service vulnerability caused by null pointer dereference in _IO_str_init_static_internal()

bugzilla-daemon at ntp.org
Thu Sep 15 12:11:16 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3082

--- Comment #10 from Magnus Stubman <magnus at stubman.eu> 2016-09-15 12:11:16 UTC ---
(In reply to comment #9)
> How about:
> 
>  read_mru_list() does inadequate incoming packet checks
> 
> for the title of this issue?

How about 'Remote pre-authentication single packet denial of service
vulnerability caused by inadequate incoming packet checks in read_mru_list()' ?

I'd like to highlight that today it is 80 days since I first reported this
vulnerability, not to mention that it has existed for 104 days now since the
last release. The longer this vulnerability remains unresolved, the higher the
chance of people with bad intentions finding it.

Since I used publicly known tried and tested techniques for discovering it, the
discovery of it by others is plausible.
