[ntp:security] [Bug 3379] NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Pentest report 01.2017)

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Mar 23 10:39:25 UTC 2017


--- Comment #6 from Miroslav Lichvar <mlichvar at redhat.com> 2017-03-23 10:39:25 UTC ---
Actually, this seems to be a separate issue I hit while backporting the patch
for 4.2.6p5. It's only in older versions before 4.2.7p22 where ctl_putstr()
silently truncated the data string. I'll file a new bug.

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list