ntpd in NTP prior to 4.2.8p9, when the trap service is enabled, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
Synopsis
Moderate: ntp security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syste ...
Ephemeral association time spoofing additional protectionntpd in ntp 42x before 428p7 and 43x before 4392 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack This issue exists because of an ...
The following security-related issues were resolved:
CVE-2016-7426: Client rate limiting and server responsesCVE-2016-7429: Attack on interface selectionCVE-2016-7433: Broken initial sync calculations regressionCVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vectorCVE-2016-9311: Null pointer dereference when trap service ...
A flaw was found in the way ntpd implemented the trap service A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service ...
ntpd does not enable trap service by default If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service ...
Vulmon