ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. (CVE-2016-9311)
Impact
A remote attacker may be able to send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial-of-service (DoS) attack. The vulnerability is in the NTP trap service, which can be enabled by the control mode (mode 6) functionality ofntpd. This option is blocked, by default, on the BIG-IP system.