[security at ntpsec.org] Bug#964395: Does CVE-2020-13817 affect ntpsec?
rlaager at wiktel.com
Fri Aug 14 08:52:58 UTC 2020
On 8/13/20 5:48 AM, Hal Murray via devel wrote:
> That bug talks about feeding bogus time to a system by guessing the transmit
> time stamp.
> When ntpd gets a response, it drops responses where the time-stamp it sent
> doesn't match the corresponding slot in the reply. The idea is that most of
> the bits in that slot are predictable so an off path attacker has a good
> chance of getting a bogus response through by guessing the value the server is
> There is a draft in the pipeline:
> We implement that.
There is also this (which you forwarded to this list) which might help:
What's the status of that in NTPsec? I presume "not implemented", but is
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the devel