A vulnerability was found in NTP. A security issue which enables an off-path attacker to prevent ntpd from synchronizing with NTP servers not using authentication. A server mode packet with spoofed source address sent to the client ntpd causes the next transmission to be rescheduled, even if the packet doesn't have a valid origin timestamp. If the packet is sent to the client frequently enough, it will stop polling the server and not be able to synchronize with it.
*** Bug 1716661 has been marked as a duplicate of this bug. ***
External References: http://support.ntp.org/bin/view/Main/NtpBug3592
Mitigation: Use authentication with symmetric keys.
Created ntp tracking bugs for this issue: Affects: fedora-all [bug 1824831]
Could you please let me know the tentative resolution date of this bug?
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2663 https://access.redhat.com/errata/RHSA-2020:2663
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-11868