Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87ha9qotcq.fsf@mid.deneb.enyo.de>
Date: Mon, 30 Dec 2013 23:40:37 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE to the ntp monlist DDoS issue?

* Moritz Muehlenhoff:

> On Mon, Dec 30, 2013 at 09:05:56AM -0500, cve-assign@...re.org wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> > Has anyone thought about assigning a CVE to this?
>> 
>> http://bugs.ntp.org/show_bug.cgi?id=1532 was assigned CVE-2013-5211.
>
> Shouldn't this rather be CVE-2010-XXXX ?

I don't think this was previously discussed as a security issue in
public.  There is a 2011 reference here that explicitly cites
amplification factors, though:

<http://lists.ntp.org/pipermail/pool/2011-December/005616.html>

This has an odd feeling of déjà vu to me, but I suspect the previous
discusssions have been on private channels of which I no longer have
records.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.