FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ntp -- control message remote Deinal of Service vulnerability

Affected packages
ntp < 4.2.8p3
ntp-devel < 4.3.25

Details

VuXML ID 0d0f3050-1f69-11e5-9ba9-d050996490d0
Discovery 2015-06-29
Entry 2015-06-30

ntp.org reports:

Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true:

References

URL http://bugs.ntp.org/show_bug.cgi?id=2853
URL http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
URL https://www.kb.cert.org/vuls/id/668167