Vigil@nce - NTP.org: infinite loop of sntp
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, spoofing replies of a NTP server, can generate an
infinite loop in sntp of NTP.org, in order to trigger a denial of
service.
– Impacted products: Meinberg NTP Server, NTP.org.
– Severity: 1/4.
– Creation date: 25/08/2015.
DESCRIPTION OF THE VULNERABILITY
The NTP.org product implements a sntp client.
However, if the NTP server returns a malicious packet, an infinite
loop occurs in sntp.
An attacker, spoofing replies of a NTP server, can therefore
generate an infinite loop in sntp of NTP.org, in order to trigger
a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/NTP-org-infinite-loop-of-sntp-17748