NTP BUG 3042: Broadcast interleave

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8p8 02 June 2016
References Bug 3042 CVE-2016-4956
Affects ntp-4, up to but not including ntp-4.2.8p8,
and ntp-4.3.0 up to, but not including ntp-4.3.93.
Resolved in 4.2.8p8.
CVSS2 Score LOW 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS3 Score LOW 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

The fix for NTP Bug 2978 does not cover broadcast associations, so broadcast clients can be triggered to flip into interleave mode.


Mitigation


Credit

This weakness was discovered by Miroslav Lichvar of Red Hat.


Timeline