NTP BUG 2667: Buffer overflow in crypto_recv()

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8 18 Dec 2014
References Bug 2667 CVE-2014-9295
Affects All releases before 4.2.8. Resolved in 4.2.8.
CVSS2 Score 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

When Autokey Authentication is enabled (i.e. the ntp.conf file contains a crypto pw ... directive) a remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process.


Mitigation

Any of:


Credit

This vulnerability was discovered by Stephen Roettger of the Google Security Team.


Timeline