NTP BUG 3082: read_mru_list() does inadequate incoming packet checks
Last update: February 15, 2022 20:59 UTC (43fbd379b)
ntpd is configured to allow
mrulist query requests from a server that sends a crafted malicious packet,
ntpd will crash on receipt of that crafted malicious
mrulist query packet.
- Only allow
mrulist query packets from trusted hosts.
- Implement BCP-38.
- Upgrade to 4.2.8p9 or later.
- Properly monitor your
ntpd instances, and auto-restart
-g) if it stops running.
This weakness was discovered by Magnus Stubman.