NETWORK TIME PROTOCOL NTPD MULTIPLE INTEGER OVERFLOW READ ACCESS VIOLATIONS
The MITRE CVE dictionary describes this issue as:
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.
This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7, as they do not include the affected functionality.
CVSS V2: – 4.3 – AV:N/AC:M/Au:N/C:N/I:N/A:P