NTP BUG 2853: ntpd control message crash: Crafted NUL-byte in configuration directive
Last update: February 15, 2022 20:59 UTC (43fbd379b)
Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable
ntpd instance to crash. This requires each of the following to be true:
- ntpd set up to allow for remote configuration (not allowed by default), and
- knowledge of the configuration password, and
- access to a computer entrusted to perform remote configuration.

- Upgrade to 4.2.8p3 or later.
- Be prudent when deciding what IP addresses can perform remote configuration of an
- Monitor your
This weakness was discovered by Aleksis Kauppinen of Codenomicon.