NTP BUG 1774: ntpd segfaults if cryptostats enabled when built without OpenSSL

Last update: June 28, 2022 20:06 UTC (57417e17c)

Resolved	4.2.7p112 (Development) 4.2.8	18 Aug 2010 19 Dec 2014
References	Bug 1774	CVE-2015-5195
Affects	All ntp-4 releases up to and including 4.2.7p111.	Resolved in 4.2.8.
CVSS2 Score	1.7 (worst case)	AV:N/AC:H/Au:M/C:N/I:N/A:P

If ntpd is not built with OpenSSL cryptography and ntpd is told to configure cryptography statistics, ntpd will crash.

Don’t specify cryptography statistics directives in unpatched releases of ntpd if your ntpd doesn’t support cryptography.
Upgrade to 4.2.8p4 or later.
Monitor your ntpd instances.

This issue was tracked down by Steve Kostecke in 2011.