[security at ntpsec.org] Bug#964395: Does CVE-2020-13817 affect ntpsec?

Hal Murray hmurray at megapathdsl.net
Thu Aug 13 10:48:26 UTC 2020

> I don't think I ever got an answer on this one.

It looks familiar, but I can't find any old mail that matches up.

I'm probably confusing it with a similar problem.


>>   https://bugs.ntp.org/show_bug.cgi?id=3596

That bug talks about feeding bogus time to a system by guessing the transmit 
time stamp.

When ntpd gets a response, it drops responses where the time-stamp it sent 
doesn't match the corresponding slot in the reply.  The idea is that most of 
the bits in that slot are predictable so an off path attacker has a good 
chance of getting a bogus response through by guessing the value the server is 

There is a draft in the pipeline:
We implement that.

I don't know if the authors considered this particular case, but they covered 
it.  We send a random value in that slot (and keep the time in our back 
pocket) so similar attacks are unlikley to work.

These are my opinions.  I hate spam.

More information about the devel mailing list