NTP BUG 2922: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values
Last update: June 28, 2022 20:06 UTC (57417e17c)
ntpd is fed a crafted mode 6 or mode 7 packet containing an unusually long data value where a network address is expected, the
decodenetnum() function will abort with an assertion failure instead of simply returning a failure condition.
- Implement BCP-38..
- Upgrade to 4.2.8p4 or later.
- If you are unable to upgrade:
- mode 7 is disabled by default. Don’t enable it.
restrict noquery to limit who can send mode 6 and mode 7 requests.
- Configure and use the
requestkey authentication directives to limit who can send mode 6 and mode 7 requests.
- Monitor your
This weakness was discovered by John D “Doug” Birdwell with the Institute for Defense Analyses (IDA.org).