[ntp:security] [Bug 3082] Remote pre-authentication single packet denial of service vulnerability caused by null pointer dereference in _IO_str_init_static_internal()

Harlan Stenn stenn at nwtime.org
Thu Sep 15 22:58:33 UTC 2016



On 9/15/16 5:11 AM, bugzilla-daemon at ntp.org wrote:
> http://bugs.ntp.org/show_bug.cgi?id=3082
> 
> --- Comment #10 from Magnus Stubman <magnus at stubman.eu> 2016-09-15 12:11:16 UTC ---
> (In reply to comment #9)
>> How about:
>>
>>  read_mru_list() does inadequate incoming packet checks
>>
>> for the title of this issue?
> 
> How about 'Remote pre-authentication single packet denial of service
> vulnerability caused by inadequate incoming packet checks in read_mru_list()' ?

We try to have titles that are well under 80 characters long.

> I'd like to highlight that today it is 80 days since I first reported this
> vulnerability, not to mention that it has existed for 104 days now since the
> last release. The longer this vulnerability remains unresolved, the higher the
> chance of people with bad intentions finding it.
> 
> Since I used publicly known tried and tested techniques for discovering it, the
> discovery of it by others is plausible.

Yes, and we're unhappy about these delays, too.

There are currently 10 security issues that will be fixed in 4.2.8p9.
There are 12 non-security bugs that will be in there too.  There are at
least 3 more issues that must be addressed before 4.2.8p9 is released.

You might have some idea of how many hours/week I put in here.

It takes a lot of resources to do this work, and we have been asking for
more help to do this for years.

We appreciate that you found and reported the problems you found.

If there's anything you can do to help us get more resources, that would
be swell, too.  We need more volunteers and more money.  There is a HUGE
amount of work to do.

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!


