Yet another NTP security bug we fixed before the CVE issued
Eric S. Raymond
esr at thyrsus.com
Fri Oct 28 19:45:36 UTC 2016
http://forums.theregister.co.uk/forum/1/2016/10/28/researchers_tag_new_brace_of_bugs_in_ntp_but_theyre_fixable/
That'd be another CVE that NTPsec dodges before it's issued.
We removed interleaved mode months ago because the code smelled bad
and turned out to have an implementation error in the timestamp
handling.
On past performance, there'll be about a 75% chance each that we've
pre-fixed the other new security bugs.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
More information about the NANOG
mailing list