Stephen Gray

**Name of the Vulnerable Software and Affected Versions** NTP versions 4.2.8p4 and earlier NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92 **Description** An off-path attacker can cause a preemptible client association to be demobilized by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This issue persists even when authentication is enabled. **Recommendations** For NTP versions 4.2.8p4 and earlier, consider disabling the preemptible client association feature until a patch is available. For NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92, restrict access to the crypto NAK packet handling mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ntp versions 4.2.8p4 NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92 **Description** An issue exists in the message authentication functionality of libntp, allowing an attacker to send crafted messages in an attempt to recover the `message digest key`. This could potentially be exploited by sending a series of crafted messages. **Recommendations** For ntp version 4.2.8p4, consider updating to a version where this issue is resolved, as the current version is affected. For NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92, restrict access to the `message authentication` functionality until a patch is available. As a temporary workaround, consider disabling the `message authentication` functionality in libntp until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ntpd versions 4.2.8p5 and earlier, 4.3.x prior to 4.3.90 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference, via a ntpdc reslist command. **Recommendations** For versions 4.2.8p5 and earlier, update to version 4.2.8p6 or later. For versions 4.3.x prior to 4.3.90, update to version 4.3.90 or later.

**Name of the Vulnerable Software and Affected Versions** NTP versions prior to 4.2.8p6 NTP versions 4.3.0 prior to 4.3.90 **Description** The issue allows remote attackers to cause a denial of service, specifically stack exhaustion, by sending an ntpdc relist command. This command triggers recursive traversal of the restriction list. **Recommendations** For NTP versions prior to 4.2.8p6, update to version 4.2.8p6 or later to resolve the issue. For NTP versions 4.3.0 prior to 4.3.90, update to version 4.3.90 or later to resolve the issue.