[ntp:security] NTP security issues

Magnus Klaaborg Stubman magnus at stubman.eu
Thu Jan 17 12:14:42 UTC 2019


Hi Harlan,

You are most welcome.

I apologise that I didn’t realise earlier that the codebase was shared with ntp and therefore also affected you guys. 

I do not have any other security issues in the pipeline that involve you guys.

The guys at NTPsec approached me back in 2016 when I found the first remote unauthenticated DoS in ntp. I didn’t have time back then to help them out, but I did half a year ago when I found the that were just disclosed at https://dumpco.re/blog/ntpsec-bugs <https://dumpco.re/blog/ntpsec-bugs> 


Magnus

> On 17 Jan 2019, at 00.53, Harlan Stenn <stenn at nwtime.org> wrote:
> 
> Hi Magnus,
> 
> Thanks for that report.
> 
> Do you have any other security issues that you are getting ready to tell
> us about?
> 
> If you don't mind my asking, how did you get started doing the security
> audit of NTPsec?
> -- 
> Harlan Stenn, Network Time Foundation
> http://nwtime.org - be a Member!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20190117/a7660939/attachment.html>


More information about the security mailing list