NTP BUG 2669: Buffer overflow in configure()
Last update: April 22, 2024 18:49 UTC (7e7bd5857)
Summary
Description
A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd
process.
Mitigation
Any of:
- Upgrade to 4.2.8 or later.
- Put
restrict ... noquery
in your ntp.conf
file, for non-trusted senders.
Credit
This vulnerability was discovered by Stephen Roettger of the Google Security Team.
Timeline