FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Multiple vulnerabilities of ntp

Affected packages
11.0 <= FreeBSD < 11.0_9
10.3 <= FreeBSD < 10.3_18

Details

VuXML ID 3c0237f5-420e-11e7-82c5-14dae9d210b8
Discovery 2017-04-12
Entry 2017-05-26

Problem Description:

A vulnerability was discovered in the NTP server's parsing of configuration directives. [CVE-2017-6464]

A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. [CVE-2017-6462]

A vulnerability was discovered in the NTP server's parsing of configuration directives. [CVE-2017-6463]

A vulnerability was found in NTP, affecting the origin timestamp check function. [CVE-2016-9042]

Impact:

A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. [CVE-2017-6463, CVE-2017-6464]

A malicious device could send crafted messages, causing ntpd to crash. [CVE-2017-6462]

An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service. [CVE-2016-9042]

References

CVE Name CVE-2016-9042
CVE Name CVE-2017-6462
CVE Name CVE-2017-6463
CVE Name CVE-2017-6464
FreeBSD Advisory SA-17:03.ntp