NTP BUG 2940: Stack exhaustion in recursive traversal of restriction list
Last update: June 28, 2022 20:06 UTC (57417e17c)
ntpdc reslist command can cause a segmentation fault in
ntpd by exhausting the call stack.
Upgrade to 4.2.8p6 or later.](/downloads/)
If you are unable to upgrade:
- In ntp-4.2.8, mode 7 is disabled by default. Don’t enable it.
- If you must enable mode 7:
- configure the use of a
requestkey to control who can issue mode 7 requests.
restrict noquery to further limit mode 7 requests to trusted sources.
This weakness was discovered by Stephen Gray of Cisco ASIG.