Network Time Protocol Daemon Integer Overflow Vulnerability

The Network Time Protocol daemon (NTPd) may be prone to an integer overflow vulnerability that may cause integrity loss in a machine.

It has been reported that if a client issues a request to a NTP server containing a date that is more than 34 years of the server's date, the server may calculate an erroneous offset reply. This issue could lead to a loss of integrity in a machine issuing a request to the NTP server as an erroneous time value would not correspond to logs and file creation and modification times, possibly disrupting the audit trail for security-related system and network events.

NTPd versions 3 and prior are reported to be affected by this issue.


 

Privacy Statement
Copyright 2010, SecurityFocus