[ntp:security] Security Vulnerability in ntpd v4.2.8p10 and v4.2.8p11
phd1401101002 at iiti.ac.in
Sun Mar 25 11:25:25 UTC 2018
Dear NTP project team,
CVE mitre has assigned CVE-2018-8956 to this reported vulnerability.
On Fri, 23 Mar 2018, 4:47 pm Nikhil Tripathi, <phd1401101002 at iiti.ac.in>
> Dear NTP project team,
> We found a vulnerability in the two most recent versions of ntpd -
> v4.2.8p10 and v4.2.8p11 which can be exploited to prevent a broadcast
> client from synchronizing itself with a broadcast server. In particular, by
> exploiting this vulnerability, an adversary prevents a broadcast client
> from calculating path propagation delay, due to which the client is not able to
> synchronize its clock with the broadcast server.
> We have also requested a CVE ID allocation for this vulnerability.
> Attached is a document in which we describe the procedure to exploit this
> I hope this will help to make the implementation more robust and secure.