[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 14 Apr 2015 08:55:36 +0200
From: Gsunde Orangen <gsunde.orangen@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for some NTP stuff
This is just a "cleanup" notice for those two ntp vulnerabilities that
were resolved on Feb 4th:
On 2015-02-05, 00:03 Gsunde Orangen wrote:
> Hi Kurt,
>
> On 2015-02-04, 23:24 Kurt Seifried wrote:
>> I haven't seen any CVE's for these yet:
>
>> http://bugs.ntp.org/show_bug.cgi?id=2671 vallen is not validated,
>> leading to potential info leak
> CVE-2014-9297 (according to
> http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities)
>
>
>
>
>
>
>> http://bugs.ntp.org/show_bug.cgi?id=2655 Multiple vulnerabilities
>> in ntpd
> This bug lists 8 different bugs, Bugs #1 - #7 are tracked in
> different ids (#7 is the one above: id=2671) The remaining bug #8
> is defined as CVE-2014-9298 as in
> http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
>
>
>
>
> Note however, that the Cert VNDB
> (http://www.kb.cert.org/vuls/id/852879) uses the same CVEs for
> bugs #7 and #8, but mutually exchanged! Either ntp.org or cert.org
> is wrong...
cert.org was wrong but had apparently fixed it immediately after that
notice.
>
>
>> Thanks.
>
> You're welcome ;-)
>
>
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
