FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet

Affected packages
ntp < 4.2.8p13
12.0 <= FreeBSD < 12.0_2
11.2 <= FreeBSD < 11.2_8


VuXML ID c2576e14-36e2-11e9-9eda-206a8a720317
Discovery 2019-01-15
Entry 2019-03-07
Modified 2019-07-30

Network Time Foundation reports:

A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd.

Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets from, and must use a private key that is specifically listed as being used for mode 6 authorization.

Impact: The ntpd daemon can crash due to the NULL pointer dereference, causing a denial of service.



CVE Name CVE-2019-8936
FreeBSD Advisory SA-19:04.ntp