NTP BUG 3387: Authenticated DoS via Malicious Config Option
Last update: February 15, 2022 20:59 UTC (43fbd379b)
A vulnerability found in the NTP server allows an authenticated remote attacker to crash the daemon by sending an invalid setting via the :config directive. The unpeer option expects a number or an address as an argument. In case the value is 0, a segmentation fault occurs.
- Implement BCP-38.
- Upgrade to 4.2.8p10 or later.
- Properly monitor your ntpd instances, and auto-restart ntpd (without -g) if it stops running.
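
A check for the upgrade item above, added here as an example and not part of the original advisory or the NTP project's tooling. It compares a version banner with 4.2.8p10 field by field; the function names and sample banners are constructed, and only the major.minor.point"p"patch form is handled.

```shell
#!/bin/sh
# Added example (not from the advisory): compare an ntpd version banner with
# the release this advisory says to upgrade to.
FIXED_VERSION="4.2.8p10"

# "ntpd 4.2.8p10@..." -> "4 2 8 10"; a missing patch level is left empty.
ntp_version_fields() {
    printf '%s\n' "$1" | sed -n -E \
        's/^[^0-9]*([0-9]+)\.([0-9]+)\.([0-9]+)(p([0-9]+))?.*$/\1 \2 \3 \5/p'
}

# Return 0 if $1 >= $2, 1 if $1 is older, 2 if either cannot be parsed.
# Fields are compared as integers: a string compare would rank p9 above p10.
ntp_version_ge() {
    va=$(ntp_version_fields "$1")
    vb=$(ntp_version_fields "$2")
    [ -n "$va" ] && [ -n "$vb" ] || return 2
    set -- $va; a1=$1 a2=$2 a3=$3 a4=${4:-0}
    set -- $vb; b1=$1 b2=$2 b3=$3 b4=${4:-0}
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3" "$a4:$b4"; do
        x=${pair%%:*}; y=${pair##*:}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print "ok", "upgrade" or "unknown" for one version banner.
advisory_status() {
    ntp_version_ge "$1" "$FIXED_VERSION" && rc=0 || rc=$?
    case $rc in
        0) echo "ok" ;;
        1) echo "upgrade" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample banners; on a real host pass in the version string
# that your ntpd or package manager reports.
for banner in "ntpd 4.2.8p9@1.0000-o" "ntpd 4.2.8p10@1.0000-o" \
              "ntpd 4.2.6p5" "ntpd 4.2.8" "unparseable"; do
    printf '%-26s %s\n' "$banner" "$(advisory_status "$banner")"
done
```

An "unknown" result means the banner did not match the expected form and the host needs a manual check.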
This weakness was discovered by Cure53.