NTP BUG 2913: mode 7 loop counter underrun

Last update: April 22, 2024 18:49 UTC (7e7bd5857)


Summary

Resolved 4.2.8p4 21 Oct 2015
References Bug 2913 CVE-2015-7848
Affects All ntp-4 releases up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77.
Resolved in 4.2.8p4.
CVSS2 Score 4.6 AV:N/AC:H/Au:M/C:N/I:N/A:C

Description

If ntpd is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash.


Mitigation


Credit

This weakness was discovered by Aleksandar Nikolic of Cisco Talos.


Timeline