[ntp:security] [Bug 3414] ntpq: decodearr() can write beyond its 'buf' limits

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Mon Oct 23 14:39:57 UTC 2017


--- Comment #12 from Michael Macnair <michael.macnair at thales-esecurity.com> 2017-10-23 14:39:57 UTC ---
I believe this issue has a similar impact to
http://www.cvedetails.com/cve/CVE-2009-0159 i.e. potentially allows a hostile
NTP server to execute code on a victim client running ntpq.

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list