|Category:||Denial of Service|
|Title:||NTP < 4.2.8p13 NULL Pointer Dereference Vulnerability|
|Summary:||A crafted malicious authenticated mode 6 (ntpq) packet from a; permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for; this attack to work, the sending system must be on an address that the target's ntpd accepts mode; 6 packets from, and must use a private key that is specifically listed as being used for mode 6; authorization.|
A crafted malicious authenticated mode 6 (ntpq) packet from a
permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for
this attack to work, the sending system must be on an address that the target's ntpd accepts mode
6 packets from, and must use a private key that is specifically listed as being used for mode 6
Please see the references for more information on the vulnerabilities.
NTPd version prior to 4.2.8p13, 4.3.0 through 4.3.94.
Update to version 4.2.8p13, 4.3.94 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2019-8936|
Bugtraq: 20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-19:04
SuSE Security Announcement: openSUSE-SU-2019:1143 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1158 (Google Search)
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.