VuXML: ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet

Affected packages

ntp

4.2.8p13

12.0

FreeBSD

12.0_2

11.2

FreeBSD

11.2_8

Details

VuXML ID	c2576e14-36e2-11e9-9eda-206a8a720317
Discovery	2019-01-15
Entry	2019-03-07
Modified	2019-07-30

VuXML ID

c2576e14-36e2-11e9-9eda-206a8a720317

Discovery

2019-01-15

Entry

2019-03-07

Modified

2019-07-30

Network Time Foundation reports:

A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd.

Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets from, and must use a private key that is specifically listed as being used for mode 6 authorization.

Impact: The ntpd daemon can crash due to the NULL pointer dereference, causing a denial of service.

Mitigation:

Use restrict noquery to limit addresses that can send mode 6 queries.

Limit access to the private controlkey in ntp.keys.

Upgrade to 4.2.8p13, or later.

[source]

CVE Name	CVE-2019-8936
FreeBSD Advisory	SA-19:04.ntp
URL	http://bugs.ntp.org/3565
URL	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8936
URL	https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:M/C:N/I:N/A:C)
URL	https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet

Details

References