[Outages-discussion] GPSd bug may cause auth failures next week (10/24/2021)
Frank Bulk
frnkblk at iname.com
Fri Oct 22 16:12:17 EDT 2021
FYI, CISA also published something yesterday:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-ro
llover-bug
And it links to the same SANS Diary. =)
Frank
-----Original Message-----
From: Outages <outages-bounces at outages.org> On Behalf Of Jay R. Ashworth via
Outages
Sent: Monday, October 18, 2021 12:54 PM
To: Outages <outages at outages.org>
Subject: [outages] GPSd bug may cause auth failures next week (10/24/2021)
A bug in the GPS Week Rollover code of GPSd, which apparently isn't quite
as tight as ESR thinks it is, may cause GPD steered clocks and infrastructre
to report incorrect date-data starting on or about 10-24-2021 (presumably)
UTC,
and this may bubble up into authentication and security protocols (including
SSL) since they tend to depend on everyone having the same clock these days.
Write a post it note with that date on top, and put it on your cubicle wall,
so that if things get hincky that day, you remember why. Or, y'know,
whatever
internal dissemination protocol your organization utilizes. :-)
Replies to -discuss, please.
https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protoco
l+and+a+GPSD+Bug/27886/
https://gpsd.gitlab.io/gpsd/
Cheers,
-- jra
--
Jay R. Ashworth Baylink
jra at baylink.com
Designer The Things I Think RFC
2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover
DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647
1274
_______________________________________________
Outages mailing list
Outages at outages.org
https://puck.nether.net/mailman/listinfo/outages
More information about the Outages-discussion
mailing list