[ntp:security] Talos Security Advisory (TALOS-2016-0260)

Harlan Stenn stenn at nwtime.org
Tue Jan 24 20:51:08 UTC 2017


Hi Regina,

On 1/24/17 12:42 PM, Regina Wilson (regiwils) wrote:
> Hello,
> 
> Please provide status of the issue reported below.  Is this issue under review?  If there’s a disclosure timeline, please advise.  We prefer at least 2 business days notice of public release so we may coordinate on our end.

It's under review, we have a fix in mind that I'm 90%+ comfortable will
fix it, and when we're comfortable with it we'll send it to you for
checking.  We will then do a T-2 week notice to our security partners,
and a T-1 week notice to CERT, followed a week later by the public release.

H
--
> Kind Regards,
> 
> Regina Wilson
> Engineer. Research
> regiwils at cisco.com<mailto:regiwils at cisco.com>
> 
> 
> 
> 
> [cid:CFA14CB5-B7B2-4FF7-8313-22D495F607D5 at vrt.sourcefire.com]
> 
> On Jan 4, 2017, at 9:17 AM, Regina Wilson (regiwils) <regiwils at cisco.com<mailto:regiwils at cisco.com>> wrote:
> 
> Hello,
> 
> The Cisco Talos team found a security vulnerability impacting NTP customers.  As this is a sensitive security issue, we’ve provided the following report encrypted with your PGP key.
> 
> 
> <NTP Vulnerability Report.2016.0260.zip 2.gpg>
> 
> For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy please refer to this document which also links to our public PGP key. http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
> 
> 
> Please CC vulndev at cisco.com<mailto:vulndev at cisco.com> on all correspondence related to this issue.
> 
> Regina Wilson
> Engineer. Research
> regiwils at cisco.com<mailto:regiwils at cisco.com>
> 
> 
> 
> 
> <image001.png>
> 
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!



More information about the security mailing list