Last update: April 22, 2024 18:49 UTC (7e7bd5857)
| Resolved | 4.2.8p13 | 07 Mar 2019 |
|---|---|---|
| References | Bug 3565 | CVE-2019-8936 |
| Affects | All ntp-4 releases up to, but not including 4.2.8p13, and 4.3.0 up to, but not including 4.3.94. |
Resolved in 4.2.8p13 and 4.3.94. |
| CVSS2 Score | 4.6 | AV:N/AC:H/Au:M/C:N/I:N/A:C |
| CVSS3 Score | 4.2 | CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H |
A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target’s ntpd accepts mode 6 packets from, and must use a private key that is specifically listed as being used for mode 6 authorization.
restrict noquery to limit addresses that can send mode 6 queries.ntp.keys.Reported by Magnus Stubman.