Allele Security Alert
ASA-2019-00269
Identifier(s)
ASA-2019-00269, CVE-2019-8936, FreeBSD-SA-19:04.ntp
Title
Authenticated denial of service in ntpd
Vendor(s)
The FreeBSD Project
Product(s)
FreeBSD
Affected version(s)
All supported versions of FreeBSD
Fixed version(s)
2019-03-07 13:45:36 UTC (stable/12, 12.0-STABLE)
2019-05-14 23:02:56 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-03-07 13:45:36 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:06:26 UTC (releng/11.2, 11.2-RELEASE-p10)
Proof of concept
Unknown
Description
A crafted malicious authenticated mode 6 packet from a permitted network address can trigger a NULL pointer dereference.
Note that for this attack to work, the sending system must be on an address from which the target ntpd(8) accepts mode 6 packets, and must use a private key that is specifically listed as being used for mode 6 authorization.
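Both preconditions can be checked against a host's ntp.conf. The following is an added example, not code from the advisory or the FreeBSD Project. It assumes the mode 6 key is the one named by the controlkey directive, that restrict lines carrying noquery or ignore refuse mode 6 packets, and that a missing "restrict default" line leaves the default entry without flags; the sample configuration is constructed.

```python
# Added example: report whether an ntp.conf still meets the two preconditions
# from the Description (a source allowed to send mode 6 packets, and a key
# designated for mode 6 authorization). The directive mapping is an assumption.

QUERY_BLOCKING_FLAGS = {"noquery", "ignore"}  # either flag refuses mode 6 queries

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
keys /etc/ntp.keys
trustedkey 1 2
controlkey 2                      # key id designated for mode 6 (ntpq)
restrict default limited kod nomodify notrap noquery
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify
restrict 198.51.100.7 noquery
"""

def audit_mode6(conf_text):
    """Return (controlkey_id, sources): the configured mode 6 key id (or None)
    and the restrict targets from which mode 6 packets are still accepted."""
    controlkey, sources, saw_default = None, [], False
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "controlkey" and args:
            controlkey = args[0]
        elif directive == "restrict":
            # Skip address-family selectors so "restrict -6 default" parses.
            args = [a for a in args if a not in ("-4", "-6")]
            if not args:
                continue
            target, flags = args[0], {a.lower() for a in args[1:]}
            saw_default = saw_default or target == "default"
            if not flags & QUERY_BLOCKING_FLAGS:
                sources.append(target)
    if not saw_default:
        # Assumption: with no explicit default entry, nothing blocks queries.
        sources.insert(0, "default (implicit, no flags)")
    return controlkey, sources

def mode6_reachable(conf_text):
    """True when a mode 6 key is configured and some source may send queries."""
    controlkey, sources = audit_mode6(conf_text)
    return controlkey is not None and bool(sources)

if __name__ == "__main__":
    print(audit_mode6(SAMPLE_CONF), mode6_reachable(SAMPLE_CONF))
```

A result of True identifies hosts where the key holder on a listed source could reach the affected code path; patching to a fixed version remains the remedy.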
Technical details
Unknown
Credits
Magnus Stubman
Reference(s)
Authenticated denial of service in ntpd
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:04.ntp.asc
CVE-2019-8936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936
CVE-2019-8936
https://nvd.nist.gov/vuln/detail/CVE-2019-8936
Last modified: May 15, 2019