NTP BUG 1774: ntpd segfaults if cryptostats enabled when built without OpenSSL

Last update: April 1, 2022 17:48 UTC (e673b70fe)


Summary

Resolved 4.2.7p112 (Development)
4.2.8
18 Aug 2010
19 Dec 2014
References Bug 1774 CVE-2015-5195
Affects All ntp-4 releases up to and including 4.2.7p111. Resolved in 4.2.8.
CVSS2 Score 1.7 (worst case) AV:N/AC:H/Au:M/C:N/I:N/A:P

Description

If ntpd is not built with OpenSSL cryptography and ntpd is told to configure cryptography statistics, ntpd will crash.


Mitigation


Credit

This issue was tracked down by Steve Kostecke in 2011.