NTP BUG 2671: vallen is not validated in several places in ntp_crypto.c
Last update: April 22, 2024 18:49 UTC (7e7bd5857)
Summary
Description
The vallen packet value is not validated in several code paths in ntp_crypto.c, which can lead to information leakage or a possible crash of ntpd.
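The kind of check whose absence is described above, as an added example (not code from ntp_crypto.c or from the NTP project): a parser that refuses to use vallen until it has been compared against the bytes actually present in the extension field. It assumes the Autokey extension field layout of RFC 5906 (header word, association ID, timestamp, filestamp, value length, value); the names ext_value, build_field and EXT_FIXED are hypothetical, and the signature fields that follow the value are not parsed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_FIXED 20u /* header word, association ID, timestamp, filestamp, vallen */

/* Read/write a 32-bit big-endian (network order) word. */
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Locate the value in one extension field of which `avail` bytes were received.
 * Returns 0 and sets *val and *vallen, or -1 if a declared length is inconsistent. */
int ext_value(const uint8_t *field, size_t avail,
              const uint8_t **val, uint32_t *vallen) {
    if (avail < EXT_FIXED)
        return -1;                         /* too short to contain vallen */
    uint32_t flen = rd32(field) & 0xffffu; /* declared field length */
    if (flen < EXT_FIXED || flen > avail || (flen & 3u))
        return -1;                         /* must fit and be 32-bit aligned */
    uint32_t vl = rd32(field + 16);
    if (vl > flen - EXT_FIXED)             /* subtract: EXT_FIXED + vl could wrap */
        return -1;
    *val = field + EXT_FIXED;
    *vallen = vl;
    return 0;
}

/* Constructed sample: zeroed field carrying the given declared lengths. */
void build_field(uint8_t *out, size_t cap, uint16_t flen, uint32_t vallen) {
    memset(out, 0, cap);
    wr32(out, 0x00020000u | flen);         /* constructed field type 0x0002 */
    wr32(out + 16, vallen);
}

int main(void) {
    uint8_t f[32]; const uint8_t *v; uint32_t n;
    build_field(f, sizeof f, 32, 12);
    printf("vallen=12:         %d\n", ext_value(f, sizeof f, &v, &n));
    build_field(f, sizeof f, 32, 0xfffffff0u);
    printf("vallen=0xfffffff0: %d\n", ext_value(f, sizeof f, &v, &n));
    return 0;
}
```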
Mitigation
Any of:
- Upgrade to 4.2.8p1 or later.
- Disable Autokey Authentication by removing, or commenting out, all configuration directives beginning with the crypto keyword in your ntp.conf file.
Credit
This vulnerability was discovered by Stephen Roettger of the Google Security Team, with additional cases found by Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation.
Timeline