Red Hat Bugzilla – Bug 1274262
CVE-2015-7853 ntp: reference clock memory corruption vulnerability
Last modified: 2016-05-09 21:54:46 EDT
The following flaw was found in ntpd:
A potential buffer overflow vulnerability exists in the refclock of ntpd. An invalid length provided by a hardware reference clock could cause a buffer overflow potentially resulting in memory being modified. A malicious reflock could provide a negative length to trigger this vulnerability.
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1296163]
This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they do not include the custom refclock driver.