[ntp:security] [Bug 3592] DoS attack on client ntpd
bugzilla-daemon at ntp.org
bugzilla-daemon at ntp.org
Mon Jun 3 16:11:01 UTC 2019
http://bugs.ntp.org/show_bug.cgi?id=3592
--- Comment #4 from Miroslav Lichvar <mlichvar at redhat.com> 2019-06-03 16:11:01 UTC ---
It seems this affects also much older ntp versions, not just 4.2.8p12 and
4.2.8p13. In 4.2.8p7 and older there was a poll_update() call in
process_packet() before the "peer->flash & PKT_TEST_MASK" check. If I remember
correctly it was only in few earlier releases where that code couldn't be
reached with a packet that didn't pass the origin check (and that is what broke
the symmetric mode?).
This looks like an intricate problem.
--
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the security
mailing list