[ntp:security] ntpq stack buffer overflow

Harlan Stenn stenn at nwtime.org
Thu Jul 6 08:40:19 UTC 2017


Thanks, Michael, we appreciate it.

If you want to report these things securely, please use the attached key.

Thanks again, and I'll get started on that bug report.

H

On 7/6/17 1:37 AM, Macnair, Michael wrote:
> Hi Harlan,
> 
> Thanks, I've created an account with this email address.
> 
> As a heads up, I found this bug as part of a fuzzing workshop I'm running - rediscovering CVE-2009-0159 is one of the exercises. It's quite likely that some of my students will rediscover the same issue in the next few days. I will advise them that there are some reported but unresolved issues.
> 
> Regards,
> Michael
> 
> -----Original Message-----
> From: Harlan Stenn [mailto:stenn at nwtime.org] 
> Sent: 06 July 2017 08:43
> To: Macnair, Michael; security at ntp.org
> Subject: Re: [ntp:security] ntpq stack buffer overflow
> 
> Hi Michael,
> 
> Thanks for the report.
> 
> Would you please register at bugs.ntp.org so we can easily inform you of our progress on this?
> 
> I'll create a security bug for this so information about it doesn't "leak" early.
> 
> Thanks!
> 
> --
> Harlan Stenn <stenn at nwtime.org>
> http://networktimefoundation.org - be a member!
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x0066B2FD.asc
Type: application/pgp-keys
Size: 4531 bytes
Desc: not available
URL: <http://lists.ntp.org/private/security/attachments/20170706/e814c84f/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 670 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20170706/e814c84f/attachment.sig>


More information about the security mailing list