NTP BUG 3011: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd
Last update: June 28, 2022 20:06 UTC (57417e17c)
If ntpd was expressly configured to allow for remote configuration, a malicious user who knows the ntpq or the ntpdc (if mode7 is expressly enabled) can create a session with ntpd and if an existing association is unconfigured using the same IP twice on the unconfig directive line, ntpd will abort.
This weakness was discovered by Yihan Lian of the Cloud Security Team, Qihoo 360.
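
The preconditions in the description above can be checked against a deployed configuration. The following is an added example, not code from the NTP project or this advisory; it assumes the standard ntp.conf keywords `controlkey`, `requestkey`, `enable mode7` and `restrict ... nomodify`, which do not appear on this page, and both sample configurations are constructed.

```python
"""Audit ntp.conf text for the remote-configuration preconditions named above."""

def audit_ntp_conf(text):
    """Return which remote-configuration channels the config leaves usable."""
    control = request = mode7 = False
    default_restricts = []          # one bool per "restrict default" line
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].lower().split()   # drop comments
        if not tokens:
            continue
        word, args = tokens[0], tokens[1:]
        if word == "controlkey" and args:
            control = True           # a key is accepted for ntpq requests
        elif word == "requestkey" and args:
            request = True           # a key is accepted for ntpdc requests
        elif word in ("enable", "disable") and "mode7" in args:
            mode7 = (word == "enable")   # later lines override earlier ones
        elif word == "restrict":
            args = [a for a in args if a not in ("-4", "-6")]
            if args and args[0] == "default":
                default_restricts.append("nomodify" in args[1:])
    channels = []
    if control:
        channels.append("ntpq")
    if request and mode7:            # ntpdc only matters with mode7 enabled
        channels.append("ntpdc")
    return {
        "channels": channels,
        "default_nomodify": bool(default_restricts) and all(default_restricts),
    }

# Constructed sample configurations (not taken from the advisory).
EXPOSED = """\
keys /etc/ntp.keys
trustedkey 1 2
controlkey 1      # ntpq may send runtime configuration
requestkey 2
enable mode7
restrict default kod notrap nopeer
"""
HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
requestkey 2      # unused: mode7 stays disabled
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf))
```

A non-empty `channels` list means a holder of the corresponding key can reach the runtime configuration path; `default_nomodify` reports whether every `restrict default` line denies modification requests.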