FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ntp -- control message remote Denial of Service vulnerability

Affected packages
	ntp	<	4.2.8p3
	ntp-devel	<	4.3.25

Details

VuXML ID	0d0f3050-1f69-11e5-9ba9-d050996490d0
Discovery	2015-06-29
Entry	2015-06-30

ntp.org reports:

Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true:

ntpd set up to allow for remote configuration (not allowed by default), and

knowledge of the configuration password, and

access to a computer entrusted to perform remote configuration.

[source]

References

URL	http://bugs.ntp.org/show_bug.cgi?id=2853
URL	http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
URL	https://www.kb.cert.org/vuls/id/668167