196146 – [security] ntpd <= 2.4.7 vulnerable to possible buffer overrun, denial of service, weak cryptography

Bug 196146 - [security] ntpd <= 2.4.7 vulnerable to possible buffer overrun, denial of service, weak cryptography

Summary: [security] ntpd <= 2.4.7 vulnerable to possible buffer overrun, denial of ser...

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Xin LI

URL:	http://www.kb.cert.org/vuls/id/852879
Keywords:	security

Depends on:
Blocks:

Reported:	2014-12-19 23:33 UTC by Harrison Grundy
Modified:	2015-03-12 05:27 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Harrison Grundy 2014-12-19 23:33:41 UTC

ntpd in base may be vulnerable to http://www.kb.cert.org/vuls/id/852879

More information at http://support.ntp.org/bin/view/Main/SecurityNotice

(Thanks for pointing it out, bjk)

Comment 1 Xin LI freebsd_committer

2014-12-20 00:55:27 UTC

Base system patch (DRAFT) at: https://reviews.freebsd.org/D1343

Comment 2 Mark Linimon freebsd_committer

2015-03-12 05:26:02 UTC

Over to delphij to see if this PR is stale.

Comment 3 Xin LI freebsd_committer

2015-03-12 05:27:53 UTC

Fixed as part of FreeBSD-SA-14:31.ntp.