NTP update solves denial-of-service problem
Version 4.2.4p8 of NTP, an open source implementation of the Network Time Protocol, fixes a denial-of-service (DoS) flaw that occurs when processing certain request types and can cause high network and CPU loads on a vulnerable server. The problem is based on a ping-pong effect which involves two servers exchanging an endless string of error messages.
The "ping-pong" effect is triggered by a flawed mode-7 request that names another NTP server as its sender; an attacker could, for instance, send such a request to an NTP server. If the sender's address is the same as the recipient's, an NTP server can also loop indefinitely on its own.
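A detection sketch for the two traffic patterns described above, added here as an example and not taken from the NTP project or the advisory. It assumes ntpd's mode-7 header layout (response flag in the top bit of byte 0, error code in the top four bits of byte 4); the function names, the threshold of 3 and the sample datagrams are constructed for illustration.

```python
from collections import Counter

NTP_PORT = 123
MODE_PRIVATE = 7   # mode 7: "private" requests as sent by ntpdc
RESP_BIT = 0x80    # top bit of byte 0 marks a mode-7 response

def parse_mode7(payload):
    """Return (is_response, error_code) for a mode-7 packet, else None."""
    if len(payload) < 8 or payload[0] & 0x07 != MODE_PRIVATE:
        return None
    return bool(payload[0] & RESP_BIT), payload[4] >> 4

def find_loops(datagrams, threshold=3):
    """datagrams: iterable of (src_ip, src_port, dst_ip, dst_port, payload)."""
    findings, pair_counts = [], Counter()
    for src, sport, dst, dport, payload in datagrams:
        parsed = parse_mode7(payload)
        if parsed is None:
            continue  # ordinary time traffic (modes 1-5) is not of interest
        if src == dst:
            # Sender equals recipient: the single-server loop case.
            findings.append(("self-loop", src, dst))
            continue
        is_response, err = parsed
        # Error responses flowing 123 -> 123 between two hosts are the
        # ping-pong traffic; report a pair once it reaches the threshold.
        if is_response and err and sport == dport == NTP_PORT:
            pair = tuple(sorted((src, dst)))
            pair_counts[pair] += 1
            if pair_counts[pair] == threshold:
                findings.append(("ping-pong", *pair))
    return findings

# Constructed sample traffic (documentation addresses, not real captures).
ERR_RESP = bytes([0x97, 0, 3, 0, 0x30, 0, 0, 0])  # mode-7 response, error 3
REQUEST = bytes([0x17, 0, 3, 0, 0, 0, 0, 0])      # mode-7 request
CLIENT = bytes([0x23]) + bytes(47)                # normal mode-3 client query
SAMPLE = [
    ("192.0.2.50", 40000, "192.0.2.10", 123, CLIENT),
    ("192.0.2.10", 123, "192.0.2.20", 123, ERR_RESP),
    ("192.0.2.20", 123, "192.0.2.10", 123, ERR_RESP),
    ("192.0.2.10", 123, "192.0.2.20", 123, ERR_RESP),
    ("192.0.2.30", 123, "192.0.2.30", 123, REQUEST),
]

if __name__ == "__main__":
    for finding in find_loops(SAMPLE):
        print(finding)
```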
See also:
- NTP mode 7 denial-of-service vulnerability, advisory from US-CERT.
(crve)