r4 - 2006-11-15 - 19:43:52 - TWikiContributorYou are here: NTP >  Main Web > WebIndex
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Results from Main web retrieved at 16:25 (GMT)

Archive Access Via FTP
Archive Access Via HTTP
Available Services If you followed a URL which lead you here unexpectedly, you may have attempted to access a non existent service or you may have used an unsupported ...
Stable Release NEWS NTP 4.2.8 (Harlan Stenn, 2014/12/18) Focus: Security and Bug fixes, enhancements. Severity: HIGH In addition to bug fixes and enhancements, this ...
Code Audit The NTP Codebase undergoes security and defect audits from a number of sources, including: Area By Dates Protocol and core code David ...
NTP Contact Information
Documentation Index The Official NTP documentation is distributed as HTML only. Manpages, or other forms of documentation, are maintained by third parties. General ...
Donating to the Project Donation Goals As the NTP Public Services Project's userbase has grown, the needs of the project, as well as a number of people who want ...
Donations Wanted The NTP Public Services Project relies on contributions from OurDonors to support our operations. Please see DonatingToTheProject for more information ...
#8226; Remote Power Control #8226; Embedded System #8226; NAS/NFS server #8226; Refclocks #8226; IBM eServer p5, AIX #8226; IBM eServer p5, Linux
Links NTP Ports Microsoft Windows NT / 2000 / XP / Windows .NET Server 2003 Maintained by .TerjeMathisen (terje.mathisen@hda.hydro.com) NT 4, Windows ...
Current Versions Of NTP Download Recent Donors Complete list Some web badges created using Kalsey's Button Maker
Nobody Group Set GROUP Set ALLOWTOPICCHANGE TWikiAdminGroup Used to prevent dangerous actions e.g. renaming .TWikiPreferences put NobodyGroup as ...
NTP Bug 1593 ntpd abort in free() with logconfig syntax error
NTP Bug 1774 ntpd segfaults if cryptostats enabled when built without OpenSSL
NTP Bug 2382 Peer precision 31 gives division by zero
NTP Bug 2918 TALOS CAN 0062: Potential path traversal vulnerability in the config file saving of ntpd on VMS.
NTP Bug 2919 TALOS CAN 0063: ntpq atoascii() potential memory corruption
NTP Bug 2920 TALOS CAN 0064: Invalid length data provided by a custom refclock driver could cause a buffer overflow.
NTP Bug 2921 TALOS CAN 0065: Password Length Memory Corruption Vulnerability
NTP Bug 2922 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values.
NTP Bug 2935 Deja Vu: Replay attack on authenticated broadcast mode
NTP Bug 2936 Skeleton Key: Any trusted key system can serve time
NTP Bug 2937 nextvar() missing length check in ntpq
NTP Bug 2938 ntpq saveconfig command allows dangerous characters in filenames
NTP Bug 2939 reslist NULL pointer dereference
NTP Bug 2940 Stack exhaustion in recursive traversal of restriction list
NTP Bug 2941 NAK to the Future: Symmetric association authentication bypass via crypto NAK
NTP Bug 2942 Off path Denial of Service (DoS) attack on authenticated broadcast mode
NTP Bug 2945 0rigin: Zero Origin Timestamp Bypass
NTP Bug 2946 Origin Leak: ntpq and ntpdc Disclose Origin Timestamp to Unauthenticated Clients
NTP Bug 2947 ntpq protocol vulnerable to replay attacks
NTP Bug 2948 Potential Infinite Loop in ntpq
NTP Bug 2952 Original fix for NTP Bug 2901 broke peer associations
NTP Bug 2956 Small step/big step
NTP Bug 2978 Interleave pivot
NTP Bug 3008 ctl getitem() return value not always checked
NTP Bug 3009 Crafted addpeer with hmode 7 causes array wraparound with MATCH ASSOC
NTP Bug 3010 remote configuration trustedkey/requestkey/controlkey values are not properly validated
NTP Bug 3011 Duplicate IPs on unconfig directives will cause an assertion botch in ntpd
NTP Bug 3012 Sybil vulnerability: ephemeral association attack
NTP Bug 3012 (p12 update) Sybil vulnerability: ephemeral association attack
NTP Bug 3020 Refclock impersonation vulnerability
NTP Bug 3042 Broadcast interleave
NTP Bug 3043 Autokey association reset
NTP Bug 3044 Processing spoofed server packets
NTP Bug 3045 Bad authentication demobilizes ephemeral associations
NTP Bug 3046 CRYPTO NAK crash
NTP Bug 3067 Fix for bug 2085 broke initial sync calculations
NTP Bug 3071 Client rate limiting and server responses
NTP Bug 3072 Attack on interface selection
NTP Bug 3082 read mru list() does inadequate incoming packet checks
NTP Bug 3102 Zero Origin timestamp regression
NTP Bug 3110 Windows: ntpd DoS by oversized UDP packet
NTP Bug 3113 Broadcast Mode Poll Interval Enforcement DoS
NTP Bug 3114 Broadcast Mode Replay Prevention DoS
NTP Bug 3118 Mode 6 unauthenticated trap information disclosure and DDoS vector
NTP Bug 3119 Mode 6 unauthenticated trap information disclosure and DDoS vector
NTP Bug 3361 0rigin DoS (Medium)
NTP Bug 3376 NTP 01 001 NTP: Makefile does not enforce Security Flags (Informational)
NTP Bug 3377 NTP 01 002 NTP: Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)
NTP Bug 3378 NTP 01 003 NTP: Improper use of snprintf() in mx4200 send() (Low)
NTP Bug 3379 NTP 01 004 NTP: Potential Overflows in ctl put() functions (Medium)
NTP Bug 3380 NTP 01 005 NTP: Off by one in Oncore GPS Receiver (Low)
NTP Bug 3381 NTP 01 006 NTP: Copious amounts of Unused Code (Info)
NTP Bug 3382 NTP 01 007 NTP: Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)
NTP Bug 3383 NTP 01 008 NTP: Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)
NTP Bug 3384 NTP 01 009 NTP: Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)
NTP Bug 3385 NTP 01 010 NTP: ereallocarray()/eallocarray() underused (Info)
NTP Bug 3386 NTP 01 011 NTP: ntpq stripquotes() returns incorrect value (Info)
NTP Bug 3387 NTP 01 012 NTP: Authenticated DoS via Malicious Config Option (Medium)
NTP Bug 3388 NTP 01 014 NTP: Buffer Overflow in DPTS Clock (Low)
NTP Bug 3389 NTP 01 016 NTP: Denial of Service via Malformed Config (Medium)
NTP Bug 3412 ctl getitem(): buffer read overrun leads to undefined behavior and information leak (Info/Medium)
NTP Bug 3414 ntpq: decodearr() can write beyond its 'buf' limits (Medium)
NTP Bug 3415 Provide a way to prevent authenticated symmetric passive peering
NTP Bug 3453 Interleaved symmetric mode cannot recover from bad state
NTP Bug 3454 Unauthenticated packet can reset authenticated interleaved association
NTP Bug 3505 NTPQ/NTPDC: Buffer Overflow in openhost()
NTP Bug 3565 Crafted null dereference attack from a trusted source with an authenticated mode 6 packet
NTP Bug 3592 DoS Attack on Unauthenticated Client.
NTP Bug 3596 Unauthenticated and unmonitored ntpd may be susceptible to IPv4 attack from highly predictable transmit timestamps
NTP Bug 3610 process control() should bail earlier on short packets
NTP Bug 3661 Memory leak with CMAC keys
Our Donors Our donors are listed on our Current Members and Donors page. Please see our Donate page if you are interested in supporting the Project.
Name: Peter Thoeny Email: Peter #64;Thoeny.com Comment: Peter is the author of TWiki and therefore a TWiki:Codev/CoreTeam member. See home page at TWiki ...
Please update your bookmarks The page you are attempting to view is now located at: " else " "}% Please click the link shown above to continue. You will not ...
Release Notifications and Information #EmaiL E mail Announcements are made through the following mailing lists: Development Releases hackers@lists ...
Release Numbering Scheme Related Topics: EmbeddedVersionStringContent, ReleaseNumberingSchemeDiscussion ntp 4.3.0 (new) Once ntp 4.2.8 has been released we will ...
Shortcut URLs This topic lists the shortcut URLs for the NTP Public Services Project web site. These shortcuts are not case sensitive and will match the first part ...
NTP Software Development New users should consult the documentation page before contacting the NTP development team with questions. Bugzilla Tracking of NTP bugs ...
Software Downloads Current versions of NTP Source Code Releases (tarballs) RSS Feed for releases of NTP The NTP Reference Implementation is Source Code Releases ...
TWiki Administrator Group Set GROUP BradKnowles, HarlanStenn, SteveKostecke Set ALLOWTOPICCHANGE TWikiAdminGroup (Setup Note: (a) Verify that user authentication ...
nop Set GROUP , Main.Others... Set ALLOWTOPICCHANGE Related topics: , TWikiGroups, .TWikiAccessControl
These groups can be used to define fine grained .TWikiAccessControl in NTP: New Group: Note: A group topic name ...
A guest of this TWiki web, not unlike yourself. You can leave your trace behind you, just add your name in .TWikiRegistration and create your own page. Personal ...
Site level preferences are located in .TWikiPreferences , however this .TWikiPreferences prefs topic has override priority and should be used for local customisations ...
Stable 4.2.8p15 2020/06/23 Development 4.3.99 2019/06/07
Release Version Date Download ChangeLog Stable 4.2.8p15 2020/06/23 http/md5 http Development 4.3.99 2019/06/07 http/md5 ...
Tweet Current Versions Download RSS Recent Donors View the complete list Some web badges created using Kalsey's Button Maker
TestTopicThree TestDiv
The NTP Project The NTP Project produces a reference implementation of the NTP protocol, and implementation documentation, through a largely a volunteer effort. The ...
NTP's nop Main web The web for users, groups and offices. TWiki is an Enterprise Collaboration Platform.
Network Time Foundation's NTP Support Wiki Providing public support services for Time Foundation's NTP Project and hosting the IETF NTP Working Group. Copyright for ...
" warn "off"}% nop Contact Contributors Documentation Download Links Ports
Welcome Registration Users Groups Password
To subscribe, please add a bullet with your .WikiName in alphabetical order to this list: hackers #64;ntp.org: SoftwareDevelopment Related topics: .WebChangesAlert ...
nop Main Web Preferences The following settings are web preferences of the Main web. These preferences overwrite the site level preferences in ., and can be ...
" else " nop NTP's nop Main web"}% /Main The web for users, groups and offices. TWiki is an Enterprise Collaboration Platform.
nop MainWeb sidebar configuration See also: .WebSideBar, .TWikiSideBar Navigation Contact Contributors Documentation Download Links NTP ...
Statistics for nop Main Web Month: Topic views: Topic saves: File uploads: Most popular topic views: Top contributors for topic save and ...
This Wiki topic may not exist yet Similar topics in this web (if any): ... Search for similar topics in all public webs. If you intended to do a full text search ...
Why is NTP Important? One of the best explanations for this issue comes from Thomas Akin, in chapter 10 of his book Cisco Routers: Time is inherently important to ...
Number of topics: 138

See also the faster WebTopicList

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r4 < r3 < r2 < r1 | More topic actions
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback