NTP BUG 3806: libntp/mstolfp() needs bounds checking
Last update: June 1, 2023 11:28 UTC (d2a7faef2)
This vulnerability only affects ntpq and does NOT affect ntpd. This vulnerability could have been reported via a single CVE.
ntpq makes requests of a target ntpd from a short-lived random high port and displays the results to the user. An attacker can send a crafted response if they either control the queried ntpd or become a “man-in-the-middle” (MITM) on the network path. This crafted response causes a buffer overflow in the victim’s ntpq client if it consists of a long ASCII character string that matches the pattern:
ntpq -c raw ... .
- Apply the patch to 4.2.8p15 (or earlier, perhaps with some modifications), and build and install
- Upgrade to 4.2.8p16, or later, from the NTP Project download site.
Reported by Ping Lee (spwpun).
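
The kind of bounds checking the bug title calls for, as an added example that is not the NTP Project's patch or code from this page: a hypothetical ms_to_sec_str() shifts the decimal point of a millisecond string into a caller-supplied buffer and computes the required size before writing a single byte. The function name, the input syntax it accepts and the buffer sizes are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not ntp's mstolfp): rewrite a decimal millisecond
 * string such as "-1234.5" as seconds ("-1.2345") in a caller-sized buffer.
 * Returns 0 on success, -1 on malformed input or if the result will not fit. */
int ms_to_sec_str(const char *in, char *out, size_t outsz)
{
    const char *ip, *fp;
    size_t n, nfrac = 0, pad, need, o = 0;
    int neg = 0;

    if (in == NULL || out == NULL)
        return -1;
    if (*in == '+' || *in == '-')
        neg = (*in++ == '-');
    ip = in;                                /* integer digits */
    while (isdigit((unsigned char)*in))
        in++;
    n = (size_t)(in - ip);
    fp = in;
    if (*in == '.') {                       /* optional fraction digits */
        fp = ++in;
        while (isdigit((unsigned char)*in))
            in++;
        nfrac = (size_t)(in - fp);
    }
    if (*in != '\0' || n + nfrac == 0)
        return -1;                          /* trailing junk or no digits */
    pad = (n < 3) ? 3 - n : 0;              /* zeros between "0." and the digits */
    /* sign + integer part + '.' + three shifted digits + fraction + NUL */
    need = (size_t)neg + (n > 3 ? n - 3 : 1) + 1 + 3 + nfrac + 1;
    if (need > outsz)
        return -1;                          /* reject: never truncate, never overrun */
    if (neg)
        out[o++] = '-';
    if (n > 3) { memcpy(out + o, ip, n - 3); o += n - 3; ip += n - 3; n = 3; }
    else out[o++] = '0';
    out[o++] = '.';
    memset(out + o, '0', pad);  o += pad;
    memcpy(out + o, ip, n);     o += n;
    memcpy(out + o, fp, nfrac); o += nfrac;
    out[o] = '\0';
    return 0;
}

int main(void) { char b[16]; if (ms_to_sec_str("-1234.5", b, sizeof b) == 0) puts(b); return 0; }
```

The length is derived from the parsed digit counts rather than from a fixed assumption about how long a number can be, so an oversized response field is refused before any copy takes place.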