NTP BUG 2382: Peer precision < -31 gives division by zero

Last update: April 22, 2024 18:49 UTC (7e7bd5857)

Resolved	4.2.7p367 (Development) 4.2.8	25 Apr 2013 19 Dec 2014
References	Bug 2382	CVE-2015-5219
Affects	ntp-4.2.5p111 up to and including 4.2.7p366. This includes ntp-4.2.6.	Resolved in 4.2.8
CVSS2 Score	1.7 (worst case)	AV:N/AC:H/Au:M/C:N/I:N/A:P

If MINPOLL is set to 3 then it’s possible to crash some versions of ntpd.

If you decide to override the default value of minpoll, make sure you use a value of 4 or more.
Upgrade to 4.2.8p4 or later.
Monitor your ntpd instances.

This issue was reported by Juha Sarlin in April of 2013.