NTP BUG 3412: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak
Last update: February 15, 2022 15:25 UTC (b158e7036)
ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an
ntpd instance, and if the
ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will cause
ctl_getitem() to read past the end of its buffer.
- Implement BCP-38.
- Upgrade to ntp-4.2.8p11 or later.
- Have enough sources of time.
- Properly monitor your
ntpd stops running, auto-restart it without
This weakness was discovered by Yihan Lian of Qihoo 360.