NTP BUG 2952: Original fix for NTP Bug 2901 broke peer associations
Last update: June 28, 2022 20:06 UTC (57417e17c)
Summary
Resolved |
4.2.8p7 |
26 Apr 2016 |
References |
Bug 2952 |
CVE-2015-7704 |
Affects |
4.2.8p4 up to but not including 4.2.8p7, and 4.3.77 up to, but not including 4.3.92. |
Resolved in 4.2.8p7. |
Description
The fix for NTP Bug 2901 in ntp-4.2.8p4 went too far, breaking peer
associations.
Mitigation
- Upgrade to 4.2.8p7 or later.
- Don’t connect to ntp-4.2.8p4 thru p6 instances of
ntpd
using a peer
association.
- If you are running ntp-4.2.8p4 thru p6 instances of
ntpd
don’t expect clients that connect to you with peer
associations to work.
- Properly monitor your
ntpd
instances.
Credit
This weakness was discovered by Michael Tatarinov , NTP Project Developer Volunteer.
Timeline