Yet another NTP security bug we fixed before the CVE issued

Eric S. Raymond esr at thyrsus.com
Fri Oct 28 19:45:36 UTC 2016


http://forums.theregister.co.uk/forum/1/2016/10/28/researchers_tag_new_brace_of_bugs_in_ntp_but_theyre_fixable/

That'd be another CVE that NTPsec dodges before it's issued.

We removed interleaved mode months ago because the code smelled bad
and turned out to have an implementation error in the timestamp
handling.

On past performance, there'll be about a 75% chance each that we've
pre-fixed the other new security bugs.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>


More information about the NANOG mailing list