NTP BUG 2671: vallen is not validated in several places in ntp_crypto.c, leading to a potential info leak or possibly crashing ntpd

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8p1 04 Feb 2015
References Bug 2671 CVE-2014-9750
Affects All NTP4 releases before 4.2.8p1 that are running autokey. Resolved in 4.2.8p1.
CVSS2 Score 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

The vallen packet value is not validated in several code paths in ntp_crypto.c which can lead to information leakage or a possible crash of ntpd.


Mitigation

Any of:


Credit

This vulnerability was discovered by Stephen Roettger of the Google Security Team, with additional cases found by Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation.


Timeline