It was found that several functions in NTP's ntp_crypto.c did not properly validate the vallen packet value. A remote attacker could use this flaw to cause an information leak or crash ntpd via a specially crafted vallen packet. Upstream issue: http://bugs.ntp.org/show_bug.cgi?id=2671 External References: http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever
Created ntp tracking bugs for this issue: Affects: fedora-all [bug 1189412]