[ntp:security] NTP security issues
Magnus Klaaborg Stubman
magnus at stubman.eu
Thu Jan 17 12:14:42 UTC 2019
You are most welcome.
I apologise that I didn’t realise earlier that the codebase was shared with ntp and therefore also affected you guys.
I do not have any other security issues in the pipeline that involve you guys.
The guys at NTPsec approached me back in 2016 when I found the first remote unauthenticated DoS in ntp. I didn’t have time back then to help them out, but I did half a year ago when I found the that were just disclosed at https://dumpco.re/blog/ntpsec-bugs <https://dumpco.re/blog/ntpsec-bugs>
> On 17 Jan 2019, at 00.53, Harlan Stenn <stenn at nwtime.org> wrote:
> Hi Magnus,
> Thanks for that report.
> Do you have any other security issues that you are getting ready to tell
> us about?
> If you don't mind my asking, how did you get started doing the security
> audit of NTPsec?
> Harlan Stenn, Network Time Foundation
> http://nwtime.org - be a Member!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security