NTP BUG 2940: Stack exhaustion in recursive traversal of restriction list
Last update: April 22, 2024 18:49 UTC (7e7bd5857)
Summary
Description
An unauthenticated ntpdc reslist
command can cause a segmentation fault in ntpd
by exhausting the call stack.
Mitigation
-
Implement BCP-38.
-
Upgrade to 4.2.8p6 or later.](https://downloads.nwtime.org/ntp/4.2.8/)
-
If you are unable to upgrade:
- In ntp-4.2.8, mode 7 is disabled by default. Don’t enable it.
- If you must enable mode 7:
- configure the use of a
requestkey
to control who can issue mode 7 requests.
- configure
restrict noquery
to further limit mode 7 requests to trusted sources.
-
Monitor your ntpd
instances.
Credit
This weakness was discovered by Stephen Gray of Cisco ASIG.
Timeline