[ntp:security] [Bug 3012] Sybil vulnerability: ephemeral association attack

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Tue Mar 13 22:41:19 UTC 2018


http://bugs.ntp.org/show_bug.cgi?id=3012

contacto at agora-security.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |contacto at agora-security.com

--- Comment #5 from contacto at agora-security.com 2018-03-13 22:41:02 UTC ---
Could you confirm the versions where this has been patched (and the affected
versions)?

NVD says "NTP 4.2.8p4 and earlier and NTPsec
3e160db8dc248a0bcb053b56a80167dc742d2b74 and
a5fb34b9cc89b92a8fef2f459004865c93bb7f92"

http://support.ntp.org/bin/view/Main/NtpBug3012 says: Affects: All ntp-4
releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including
4.3.92

Thanks!

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list