NTP BUG 2919: ntpq atoascii() potential memory corruption
Last update: March 2, 2022 17:28 UTC (616623bea)
If an attacker can figure out the precise moment that
ntpq is listening for data and the port number it is listening on or if the attacker can provide a malicious instance
ntpd that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by
ntpq, can cause
ntpq to crash.
- Implement BCP-38.
- Upgrade to 4.2.8p4 or later.
- If you are unable to upgrade and you run
ntpq against a server and
ntpq crashes, try again using raw mode. Build or get a patched
ntpq and see if that fixes the problem. Report new bugs in
ntpq or abusive servers appropriately.
- If you use
ntpq in scripts, make sure
ntpq does what you expect in your scripts.
This weakness was discovered by Yves Younan and Aleksander Nikolich of Cisco Talos.