NTP BUG 2913: mode 7 loop counter underrun
Last update: June 28, 2022 20:06 UTC (57417e17c)
ntpd is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to
ntpd that will cause it to crash.
- Implement BCP-38.
- Upgrade to 4.2.8p4 or later.
- If you are unable to upgrade:
- In ntp-4.2.8, mode 7 is disabled by default. Don’t enable it.
- If you must enable mode 7:
- configure the use of a
requestkey to control who can issue mode 7 requests.
restrict noquery to further limit mode 7 requests to trusted sources.
- Monitor your
This weakness was discovered by Aleksandar Nikolic of Cisco Talos.