ntp: denial of service

2015-07-07T00:00:00
ID ASA-201507-5
Type archlinux
Reporter Arch Linux
Modified 2015-07-07T00:00:00

Description

Under limited and specific circumstances an attacker can send a crafted remote-configuration packet containing a NUL-byte to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: - ntpd set up to allow for remote configuration (not allowed by default) - knowledge of the configuration password - access to a computer entrusted to perform remote configuration