NTP BUG 2671: vallen is not validated in several places in ntp_crypto.c
Last update: June 28, 2022 20:06 UTC (57417e17c)
vallen packet value is not validated in several code paths in
ntp_crypto.c which can lead to information leakage or a possible crash of
- Upgrade to 4.2.8p1 or later.
- Disable Autokey Authentication by removing, or commenting out, all configuration directives beginning with the
crypto keyword in your
This vulnerability was discovered by Stephen Roettger of the Google Security Team, with additional cases found by Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation.