The "Buffer overflow in ntp_control:ctl_getitem() function" vulnerability has recently been "rediscovered", and a rehash of an old exploit is being circulated. This issue only affects versions prior to, and including, 4.0.99k. Subsequent stable and development versions of NTP are not affected by this exploit. The fix for vulnerable versions is documented at http://www.kb.cert.org/vuls/id/JSHA-4VJFMF.
Users are encouraged to update to the current stable version of NTP, which is available from our SoftwareDownloads page.
Resolved Vulnerabilities
The following vulnerabilities have been reported for the Reference Implementation of NTP during the 20+ years that the NTP Project has existed.
Buffer overflow in ntp_control:ctl_getitem() function
Versions affected: 4.0.99k and earlier (aka xntpd and xntp3)
Date resolved: 13 Jun 2001
Summary: Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
Internal overflow if date / time offset is greater than 34 years
Summary: Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
Reporting Security Issues
If you wish to report a security-related bug, please do so via e-mail to security@ntp.org instead of through the NTP Bugzilla.