ntp_crypto.c in ntpd in NTP 4.x prior to 4.2.8p1, when Autokey Authentication is enabled, allows remote malicious users to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ntp ntp |
||
ntp ntp 4.2.8 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
oracle linux 7 |