A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause a denial of service or, in some special cases, even a crash.
Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was incorrect, resulting in a root distance that did not include the peer dispersion. The calculations and formulae have been reviewed and reconciled, and the code has been updated accordingly.
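The effect of leaving peer dispersion out of the root distance, as an added example that is not ntpd's code or part of the original report. It assumes the RFC 5905 root distance formula and constants as the reference, simplifies the fitness test to a fixed MAXDIST threshold, and uses a hypothetical `peer_sample` struct with constructed values.

```c
#include <stdio.h>

#define MINDISP 0.01   /* minimum dispersion (s), RFC 5905 */
#define PHI     15e-6  /* frequency tolerance (s/s), RFC 5905 */
#define MAXDIST 1.0    /* distance threshold (s), RFC 5905 */

struct peer_sample {   /* hypothetical, not ntpd's struct peer */
    double delay;      /* round-trip delay to the peer (s) */
    double disp;       /* peer dispersion (s) */
    double jitter;     /* peer jitter (s) */
    double rootdelay;  /* peer's delay to the primary source (s) */
    double rootdisp;   /* peer's dispersion to the primary source (s) */
    double age;        /* seconds since the peer was last updated */
};

static double half_delay(const struct peer_sample *p) {
    double d = p->rootdelay + p->delay;
    return (d > MINDISP ? d : MINDISP) / 2.0;
}

/* Root distance with every term of the RFC 5905 sum. */
double root_dist(const struct peer_sample *p) {
    return half_delay(p) + p->rootdisp + p->disp + PHI * p->age + p->jitter;
}

/* Same sum with peer dispersion omitted, the error described above. */
double root_dist_no_disp(const struct peer_sample *p) {
    return half_delay(p) + p->rootdisp + PHI * p->age + p->jitter;
}

/* Simplified fitness test (assumption: poll-interval allowance ignored). */
int is_fit(double dist) { return dist < MAXDIST; }

/* Constructed sample: a peer with good delay but very high dispersion. */
struct peer_sample sample_peer(void) {
    struct peer_sample p = { 0.040, 0.900, 0.002, 0.060, 0.080, 64.0 };
    return p;
}

int main(void) {
    struct peer_sample p = sample_peer();
    printf("full:    %.5f s fit=%d\n", root_dist(&p), is_fit(root_dist(&p)));
    printf("no disp: %.5f s fit=%d\n", root_dist_no_disp(&p),
           is_fit(root_dist_no_disp(&p)));
    return 0;
}
```

With the dispersion term missing, the sample peer looks about 0.9 s closer than it is and passes a distance check it should fail.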
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1397351]
When an off-path attacker can spoof the first ntp reply, ntpd will jump, and when it gets a real response, it will exit.
Is an RPM released with a fix for this? I haven't seen one @ http://mirror.centos.org.
If not released, what is the ETA for the same?
Wondering the same thing. Is an errata update for el6/el7 forthcoming? Thanks.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0252 https://rhn.redhat.com/errata/RHSA-2017-0252.html