Date: Mon, 30 Dec 2013 23:40:37 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: Re: Re: CVE to the ntp monlist DDoS issue? * Moritz Muehlenhoff: > On Mon, Dec 30, 2013 at 09:05:56AM -0500, cve-assign@...re.org wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> > Has anyone thought about assigning a CVE to this? >> >> http://bugs.ntp.org/show_bug.cgi?id=1532 was assigned CVE-2013-5211. > > Shouldn't this rather be CVE-2010-XXXX ? I don't think this was previously discussed as a security issue in public. There is a 2011 reference here that explicitly cites amplification factors, though: <http://lists.ntp.org/pipermail/pool/2011-December/005616.html> This has an odd feeling of déjà vu to me, but I suspect the previous discusssions have been on private channels of which I no longer have records.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.