NTP BUG 3389: Denial of Service via Malformed Config
Last update: June 27, 2022 20:45 UTC (51d68a4aa)
Summary
Description
A vulnerability found in the NTP server makes it possible for an authenticated remote user to crash ntpd
via a malformed mode configuration directive.
Mitigation
- Implement BCP-38.
- Upgrade to 4.2.8p10 or later.
- Properly monitor your
ntpd
instances, and auto-restart ntpd
(without -g
) if it stops running.
Credit
This weakness was discovered by Cure53.
Timeline