[ntp:security] [Bug 2853] Crafted remote config packet can crash some versions of ntpd.

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Mon Jun 29 19:04:52 UTC 2015


--- Comment #4 from Harlan Stenn <stenn at ntp.org> 2015-06-29 19:04:52 UTC ---
To summarize, if:

- remote configuration of ntpd is enabled (it's disabled by default),
- and an attacker knows the remote configuration password,
- and has access to a computer that is allowed to send remote configuration
requests to ntpd,

the attacker can send a carefully-crafted packet to ntpd that will cause ntpd
to crash.

The loophole that allowed this attack was closed in May of 2015.

We received this report in mid-June of 2015.

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list