The following flaw was found in ntpd:

While the majority of OSes implement martian packet filtering in their network stack, at least regarding 127.0.0.0/8, a rare few will allow packets claiming to be from 127.0.0.0/8 that arrive over a physical network. On these OSes, if ntpd is configured to use a reference clock, an attacker can inject packets over the network that look like they are coming from that reference clock.

Upstream bugs:
http://support.ntp.org/bin/view/Main/NtpBug3020

External References:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
http://www.talosintel.com/reports/TALOS-2016-0132/

Statement: This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7 as the Linux kernel drops packets from 127.0.0.0/8, mitigating this issue.
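
A host-side check for the condition described above, as an added example that is not part of the original advisory. It assumes ntpd's convention of addressing reference clocks as 127.127.t.u in ntp.conf and Linux's `route_localnet` sysctl, which when set to 1 stops the kernel treating 127.0.0.0/8 as martian; the sample configuration and function names are constructed for illustration.

```python
import glob
import ipaddress
import os

# ntpd addresses reference clocks as 127.127.t.u (type t, unit u) in ntp.conf.
REFCLOCK_NET = ipaddress.ip_network("127.127.0.0/16")

# Constructed sample configuration, not taken from the advisory.
SAMPLE_NTP_CONF = """\
server 0.pool.example.org iburst
server 127.127.28.0 minpoll 4  # shared-memory refclock
fudge 127.127.28.0 time1 0.0
#server 127.127.1.0
peer -4 192.0.2.10
"""

def refclock_addresses(conf_text):
    """Return refclock pseudo-addresses configured on server/peer lines."""
    found = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments
        if len(tokens) < 2 or tokens[0] not in ("server", "peer"):
            continue
        # Skip an optional -4/-6 flag before the address.
        target = next((t for t in tokens[1:] if not t.startswith("-")), "")
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            continue  # hostname, not a literal address
        if addr in REFCLOCK_NET:
            found.append(str(addr))
    return found

def loopback_not_martian(sysctl_root="/proc/sys/net/ipv4/conf"):
    """Return conf entries (interfaces, 'all', 'default') with route_localnet=1."""
    risky = []
    for path in sorted(glob.glob(os.path.join(sysctl_root, "*", "route_localnet"))):
        with open(path) as fh:
            if fh.read().strip() == "1":
                risky.append(os.path.basename(os.path.dirname(path)))
    return risky

def refclocks_at_risk(conf_text, sysctl_root="/proc/sys/net/ipv4/conf"):
    """Refclocks to review: only flagged when loopback filtering is relaxed."""
    return refclock_addresses(conf_text) if loopback_not_martian(sysctl_root) else []

if __name__ == "__main__":
    print("refclocks:", refclock_addresses(SAMPLE_NTP_CONF))
    print("route_localnet=1 on:", loopback_not_martian())
```

An empty result from `loopback_not_martian()` matches the default Linux behaviour the statement relies on.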