NTP BUG 3046: CRYPTO_NAK crash

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8p8 02 June 2016
References Bug 3046 CVE-2016-4957
Affects ntp-4.2.8p7, and ntp-4.3.92. Resolved in 4.2.8p8.
CVSS2 Score HIGH 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3 Score HIGH 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

The fix for 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash.


Mitigation


Credit

This weakness was discovered by Nicolas Edet of Cisco.


Timeline