PT-2018-4260 · Ntt+1 · Ntp+1

Published: 2018-08-14 · Updated: 2020-01-24 · CVE-2014-5209

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: NTP version 4.2.7p25

Description: The issue allows a malicious user to obtain sensitive information through private (mode 6/7) messages via a GET RESTRICT control message. Additionally, a remote authenticated attacker could bypass security restrictions by creating multiple ephemeral associations to win the clock selection of ntpd, potentially modifying a victim's clock.

Recommendations: For NTP version 4.2.7p25, consider restricting access to the GET RESTRICT control message to prevent information disclosure. As a temporary workaround, restrict the ability to create multiple ephemeral associations to prevent Sybil attacks from authenticated peers.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-5209

Affected Products

IBM AIX
NTP