FreeBSD Security Advisory - ntp Issues

Discussion in 'News Aggregator' started by Packet Storm, 9 Apr 2015.

  1. Packet Storm

    Packet Storm Guest

    FreeBSD Security Advisory - The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. The vallen packet value is not validated in several code paths in ntp_crypto.c. When ntpd(8) is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not that there actually is any MAC included, and packets without a MAC are accepted as if they had a valid MAC. NTP state variables are updated prior to validating the received packets.

    Continue reading...
     

Share This Page

Loading...