Red Hat Bugzilla – Bug 1300267
CVE-2015-7975 ntp: nextvar() missing length check in ntpq
Last modified: 2016-01-21 06:35:56 EST
It was found that ntpq did not implement a proper lenght check when calling nextvar(), which executes a memcpy(), on the name buffer.
A remote attacker could potentially use this flaw to crash an ntpq client instance.
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1300277]
This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they do not include the affected code, which was introduced in version 4.2.8 of NTP.