NTP BUG 2919: ntpq atoascii() potential memory corruption

Last update: March 2, 2022 17:28 UTC (616623bea)


Summary

Resolved 4.2.8p4 21 Oct 2015
References Bug 2919 CVE-2015-7852
Affects All ntp-4 releases running up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77.
Resolved in 4.2.8p4
CVSS2 Score 4.0, worst case AV:N/AC:H/Au:N/C:N/I:P/A:P

Description

If an attacker can figure out the precise moment that ntpq is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq, can cause ntpq to crash.


Mitigation


Credit

This weakness was discovered by Yves Younan and Aleksander Nikolich of Cisco Talos.


Timeline