NTP BUG 3082: read_mru_list() does inadequate incoming packet checks
Last update: April 22, 2024 18:49 UTC (7e7bd5857)
Summary
Description
If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted malicious mrulist query packet.
Mitigation
- Only allow mrulist query packets from trusted hosts.
- Implement BCP-38.
- Upgrade to 4.2.8p9 or later.
- Properly monitor your ntpd instances, and auto-restart ntpd (without -g) if it stops running.
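One way to check the first mitigation is to audit the restrict lines in ntp.conf for hosts that can still send ntpq queries, which is how mrulist requests arrive. The following is an added example, not part of the original advisory or the NTP project's code; the sample configuration, the function names and the trusted set are assumptions made for illustration, while noquery and ignore are the standard restrict flags that deny such queries.

```python
# Added example: list ntp.conf "restrict" targets that may still send
# ntpq (mode 6) queries such as mrulist. The sample config is constructed.
QUERY_BLOCKING_FLAGS = {"noquery", "ignore"}

SAMPLE_CONF = """\
# constructed sample, not from the advisory
restrict default kod limited nomodify notrap nopeer
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
restrict 198.51.100.7 ignore
server 0.pool.ntp.org iburst
"""

def parse_restrict(line):
    """Return (target, flags) for a restrict line, or None for anything else."""
    tokens = line.split("#", 1)[0].split()
    if not tokens or tokens[0] != "restrict":
        return None
    args = tokens[1:]
    # Optional address-family selector before the address.
    family = args.pop(0) + " " if args and args[0] in ("-4", "-6") else ""
    if not args:
        return None
    target = family + args.pop(0)
    if len(args) >= 2 and args[0] == "mask":
        target += "/" + args[1]
        args = args[2:]
    return target, set(args)

def query_capable_targets(conf_text, trusted=()):
    """List restrict targets that can query ntpd and are not in `trusted`."""
    findings, saw_default = [], False
    for line in conf_text.splitlines():
        parsed = parse_restrict(line)
        if parsed is None:
            continue
        target, flags = parsed
        if target.split()[-1] == "default":
            saw_default = True
        if not flags & QUERY_BLOCKING_FLAGS and target not in trusted:
            findings.append(target)
    if not saw_default:
        # With no default entry configured, ntpd applies no flags to unknown hosts.
        findings.append("default (implicit, unrestricted)")
    return findings

if __name__ == "__main__":
    print(query_capable_targets(SAMPLE_CONF, trusted={"127.0.0.1"}))
```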
Credit
This weakness was discovered by Magnus Stubman.
Timeline