The precise determination of time is a somewhat arcane field - a field that I find very interesting. I am a time nut. A heads-up from The Register:
It's time: Patch Network Time Protocol before it loses track of time
The maintainers of the Network Time Protocol daemon (ntpd) have pushed out a patch for ten security vulnerabilities.
Leading the fixfest is a trap-crash turned up by Cisco's Matthew Van Gundy.
If ntpd is configured with the trap
service enabled, a malformed packet causes a null pointer dereference and crash it.
A Windows bug fixed in ntpd Version ntp-4.2.8p9 is triggered by an oversized UDP packet, and its discoverer, Magnus Stubman, has posted proof-of-concept code here.
CERT's full list of the vulnerabilities and fixes is here.
That is all - next up is the Leap Second on December 31st.
Leave a comment