Dave, David L. Mills wrote: > Martin, > > Thanks for the reminder. In the six years hence the code has gone > through a number of securiy audits and defensive adjustments, one or > more of which might have plugged the hole. The code at time.nist.gov is > 4.1.1b, which must be before 4.1.1c, dated 10 June 2003, and has the > hole plugged, so the hole got plugged before that.
Hm, a search in the bitkeeper changelogs yields: 2002-08-04 (6 years) stenn 1.892 Attempt to compensate for Microsoft's protocol violations. From: Dave Mills. However, the most recent entry in the Changelog file from the v4.1.1b tarball is: [EMAIL PROTECTED], 2002-02-26 22:44:34-05:00, [EMAIL PROTECTED] ntp-4.1.1 TAG: NTP_4_1_1 Yes, the changlog still had a date stamp those days, and this one seems to indicate that 4.1.1b has been release *before* the workaround for MS had been introduced. Anyway, those days the 4.1.1 versions were from the -stable branch whereas the ntp-dev versions were 4.1.7x. Since the workaround was added to ntp-dev it appeared (at least in the changelog file) in the v4.1.73 tarball, which was released 2003-01-22. So that workaround for w32time clients has never been in v4.1.1x versions, however, it is in v4.2.0. Looking through the changesets reveals that the workaround was modified and finally removed in March/April 2005. > There is talk about the code being audited by someone other than me, in > which case the hole might get plugged again. Maybe a comment in the code saying *why* this specific handling has been added would prevent it from being removed. > Does the Meinberg workaround appear in Microsoft KB? We've been searching for the reason of this problem with one of our customers, and the first hint was in this news article at microsoft.public.windows.server.migration: http://groups.google.com/groups?selm=qREQ%248lrDHA.2308%40cpmsftngxa06.phx.gbl This was forwarded to the German MS support who had been unable to help our customer earlier. So finally a KB article was written on this topic. The KB article was first used by MS internally only and then published, AFAIR in 2004: http://support.microsoft.com/?scid=kb;en;875424 Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany _______________________________________________ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
