NTP BUG 3102: Zero Origin timestamp regression

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8p9 21 Nov 2016
References Bug 3102 CVE-2016-7431
Affects ntp-4.2.8p8 and ntp-4.3.93. Resolved in 4.2.8p9.
CVSS2 Score MED 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3 Score MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks.


Mitigation


Credit

This weakness was discovered by Sharon Goldberg and Aanchal Malhotra of Boston University.


Timeline