NTP BUG 3610: process_control() should bail earlier on short packets
Last update: June 27, 2022 20:45 UTC (51d68a4aa)
Summary
Description
Fuzz testing detected that on systems that override the default and enable ntpdc (mode 7) packets, a short packet will cause ntpd to read uninitialized data.
Mitigation
- Leave mode7 disabled.
- Pay attention to error messages logged by ntpd.
- Monitor your ntpd instances.
Upgrade to 4.2.8p14 or later.
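
One way to check a host against the two concrete mitigations above (mode 7 left disabled, version at 4.2.8p14 or later), given here as an added example that is not part of the advisory or the NTP Project's code. The function names, sample config and sample version strings are constructed, and the script assumes mode 7 is switched on with an `enable mode7` line in ntp.conf; it reports every such uncommented line without resolving it against any `disable` line.

```shell
#!/bin/sh
# Added example (not from the advisory). FIXED_VERSION is the advisory's value;
# function names and the sample config below are constructed.
FIXED_VERSION="4.2.8p14"

# Print "LINE: text" for each uncommented "enable" line that names mode7.
# Returns 0 if any such line was found, 1 otherwise. Assumes mode 7 is
# switched on with ntp.conf's "enable mode7" directive.
find_mode7_enable() {
    awk '
        { orig = $0; sub(/#.*/, "") }      # strip comment; awk re-splits fields
        $1 == "enable" {
            for (i = 2; i <= NF; i++)
                if ($i == "mode7") { print NR ": " orig; hit = 1; break }
        }
        END { exit !hit }' "$1"
}

# Return 0 if version string $1 is at or past FIXED_VERSION.
# Accepts trailing build tags, e.g. "4.2.8p15@1.3728-o".
version_fixed() {
    awk -v have="$1" -v want="$FIXED_VERSION" '
        function key(v, a) {               # "4.2.8p14" -> 4002008014
            sub(/[^0-9.p].*/, "", v)       # drop anything after the version
            gsub(/p/, ".", v)
            split(v, a, ".")               # a missing patch level counts as 0
            return ((a[1] * 1000 + a[2]) * 1000 + a[3]) * 1000 + a[4]
        }
        BEGIN { exit !(key(have) >= key(want)) }'
}

# Demonstration on a constructed config and constructed version strings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# enable mode7        (commented out, ignored)
server 192.0.2.10 iburst
enable stats mode7    # ntpdc support
EOF
if find_mode7_enable "$sample"; then
    echo "FINDING: mode7 is enabled; the advisory says to leave it disabled"
fi
for v in 4.2.8p13 "4.2.8p15@1.3728-o"; do
    if version_fixed "$v"; then echo "$v: at or past $FIXED_VERSION"
    else echo "$v: upgrade to $FIXED_VERSION or later"; fi
done
rm -f "$sample"
```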
Credit
Reported by Philippe Antoine (Catena cyber with oss-fuzz).
Timeline