NTP BUG 2899: Incomplete autokey data packet length checks

Last update: April 1, 2022 15:20 UTC (3e558b47f)


Summary

Resolved: 4.2.8p4, 21 Oct 2015
References: Bug 2899; CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77. Resolved in 4.2.8p4.
CVSS2 Score: 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C)

Description

The patch for 2671 in crypto_xmit() was incorrect, and length checks were missing for autokey with the GQ identity scheme.

The fix for CVE-2014-9750 was incomplete: on certain code paths, a packet carrying particular autokey operations with malicious data was not completely validated. Receipt of such a packet can cause ntpd to crash.
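
The kind of complete length validation the description refers to, as an added example (not ntpd's code and not the actual patch): a C check that every length declared inside a value-bearing autokey extension field fits in the bytes actually received. The field layout follows RFC 5906; the names autokey_value_field_valid and check_with_length and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 5906 field header: opcode+length, association ID, timestamp, filestamp, value length */
#define EF_HDR_LEN 20u

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical validator: returns 1 if every declared length fits in `avail` bytes, else 0. */
int autokey_value_field_valid(const uint8_t *buf, size_t avail)
{
    if (avail < 4)
        return 0;
    size_t len = ((size_t)buf[2] << 8) | buf[3];      /* total field length */
    if (len < EF_HDR_LEN || len % 4 != 0 || len > avail)
        return 0;
    size_t remaining = len - EF_HDR_LEN;              /* a multiple of 4 from here on */
    uint32_t vallen = rd32(buf + 16);
    if (vallen > remaining)                           /* compare before any arithmetic on it */
        return 0;
    /* vallen <= remaining and remaining % 4 == 0, so the padded value also fits. */
    size_t vpad = ((size_t)vallen + 3) & ~(size_t)3;
    if (remaining - vpad < 4)                         /* no room for the signature length word */
        return 0;
    uint32_t siglen = rd32(buf + EF_HDR_LEN + vpad);
    return siglen <= remaining - vpad - 4;
}

/* Constructed sample: 4-byte value, 4-byte signature, total field length 32. */
static const uint8_t sample_ok[32] = {
    0x02, 0x02, 0x00, 0x20,  0, 0, 0, 1,  0, 0, 0, 0,  0, 0, 0, 0,
    0, 0, 0, 4,  0xaa, 0xbb, 0xcc, 0xdd,  0, 0, 0, 4,  1, 2, 3, 4
};

/* Copy the sample, overwrite the 32-bit length word at `off` with `v`, and validate. */
int check_with_length(size_t off, uint32_t v)
{
    uint8_t pkt[sizeof sample_ok];
    memcpy(pkt, sample_ok, sizeof pkt);
    pkt[off] = (uint8_t)(v >> 24);     pkt[off + 1] = (uint8_t)(v >> 16);
    pkt[off + 2] = (uint8_t)(v >> 8);  pkt[off + 3] = (uint8_t)v;
    return autokey_value_field_valid(pkt, sizeof pkt);
}
```

Offset 16 is the value length word and offset 24 is the signature length word in the constructed sample; an oversized value in either must be rejected before anything is read or copied with it.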


Mitigation


Credit

This weakness was discovered by Tenable Network Security.


Timeline