NTP BUG 2853: ntpd control message crash: Crafted NUL-byte in configuration directive
Last update: June 28, 2022 20:06 UTC (57417e17c)
Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable
ntpd instance to crash. This requires each of the following to be true:
- ntpd set up to allow for remote configuration (not allowed by default), and
- knowledge of the configuration password, and
- access to a computer entrusted to perform remote configuration.
- Upgrade to 4.2.8p3 or later.
- Be prudent when deciding what IP addresses can perform remote configuration of an
- Monitor your
This weakness was discovered by Aleksis Kauppinen of Codenomicon.
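
A monitoring check for the condition named in the title, added here as an example and not taken from the NTP Project: it classifies UDP port 123 payloads and flags mode 6 configure requests whose directive text contains a NUL byte. The function names and sample datagrams are constructed for illustration; the header layout and opcode 8 follow the published mode 6 control message format, and the NUL test is a heuristic, not a signature issued by the project.

```python
import struct

MODE_CONTROL = 6   # NTP mode 6 (control messages, as sent by ntpq)
OP_CONFIGURE = 8   # mode 6 opcode for runtime configuration
HEADER = struct.Struct("!BBHHHHH")  # flags, opcode, sequence, status, assoc id, offset, count


def classify_control_packet(payload: bytes) -> str:
    """Return 'ignore', 'malformed', 'configure' or 'configure-nul' for one UDP/123 payload."""
    if len(payload) < HEADER.size:
        return "ignore"
    flags, rem_op, _seq, _status, _assoc, _offset, count = HEADER.unpack_from(payload)
    if (flags & 0x07) != MODE_CONTROL:
        return "ignore"                      # ordinary time traffic
    if (rem_op & 0x80) or (rem_op & 0x1F) != OP_CONFIGURE:
        return "ignore"                      # a response, or a request other than configure
    data = payload[HEADER.size:HEADER.size + count]
    if len(data) < count:
        return "malformed"                   # count exceeds what the datagram carries
    # Only the first `count` bytes are directive text. Zero padding and the
    # authenticator follow it and must not be scanned, or clean packets would match.
    return "configure-nul" if b"\x00" in data else "configure"


def build_sample(opcode: int, data: bytes) -> bytes:
    """Constructed test datagram: header, data, padding, placeholder authenticator."""
    header = HEADER.pack((2 << 3) | MODE_CONTROL, opcode, 1, 0, 0, 0, len(data))
    padding = b"\x00" * (-len(data) % 4)
    authenticator = struct.pack("!I", 1) + b"\xaa" * 16   # key id 1, dummy digest
    return header + data + padding + authenticator


if __name__ == "__main__":
    # Constructed samples; 192.0.2.10 is a documentation address.
    samples = {
        "clean configure": build_sample(OP_CONFIGURE, b"server 192.0.2.10"),
        "configure with NUL": build_sample(OP_CONFIGURE, b"server 192.0.2.10\x00x"),
        "read variables": build_sample(2, b""),
    }
    for name, packet in samples.items():
        print(f"{name}: {classify_control_packet(packet)}")
```

Any `configure` result from an address that is not one of your designated management hosts is worth an alert in its own right, since remote configuration is not allowed by default.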