ntp

Page content
  • Author: kikadf
  • Vulnerable: 4.2.6p5-3arcturus1
  • Unaffected: 4.2.6p5-3arcturus2

ntpd generated a weak key for its internal use, with full administrative privileges. The ntp-keygen utility generated weak MD5 keys with insufficient entropy. ntpd had several buffer overflows (both on the stack and in the data section), allowing remote authenticated attackers to crash ntpd or potentially execute arbitrary code. The general packet processing function in ntpd did not handle an error case correctly.

CVEs: