This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote host is running a time server with a remote buffer overflow
According to its self-reported version number, the version of ntpd
running on the remote host has a stack-based buffer overflow
vulnerability. The vulnerability is in the 'crypto_recv()' function of
'ntpd/ntp_crypto.c'. This could allow a remote attacker to crash the
service or execute arbitrary code.
Note : this issue is only exploitable if ntpd was compiled with
OpenSSL support and has autokey authentication enabled. The presence
of the following line in ntp.conf indicates a vulnerable system :
crypto pw *password*
Nessus did not check if the system is configured in this manner.
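Because the plugin relies on the version banner alone, the configuration condition can be checked on the host itself. The script below is an added example, not part of the Nessus plugin: the function names, the plain "A.B.CpN" version format and the sample config are assumptions, the fixed releases come from the solution line of this advisory, and it does not test whether ntpd was built with OpenSSL.

```shell
#!/bin/sh
# Added example. Fixed releases (4.2.4p7, 4.2.5p74) are from the advisory;
# function names and the "A.B.CpN" version format are assumptions.

# Succeeds if the config has an uncommented "crypto ... pw <password>" line.
has_autokey_pw() {
    awk '
        { sub(/#.*/, "") }                 # drop comments before matching
        $1 == "crypto" {
            for (i = 2; i < NF; i++)       # "pw" must be followed by a value
                if ($i == "pw") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeeds if the version (e.g. "4.2.4p6") predates both fixed releases.
is_pre_fix_version() {
    base=${1%%p*}
    case $1 in *p*) patch=${1#*p} ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}                # ignore suffixes such as "-RC1"
    patch=${patch:-0}
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; micro=${rest#*.}
    key=$(( major * 1000000 + minor * 1000 + micro ))
    [ "$key" -lt 4002004 ] && return 0
    [ "$key" -eq 4002004 ] && [ "$patch" -lt 7 ] && return 0
    [ "$key" -eq 4002005 ] && [ "$patch" -lt 74 ] && return 0
    return 1
}

# usage: assess <ntpd version> <path to ntp.conf>
assess() {
    if ! is_pre_fix_version "$1"; then
        echo "fixed version"
    elif has_autokey_pw "$2"; then
        echo "pre-fix version, autokey password set"
    else
        echo "pre-fix version, no autokey password"
    fi
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
printf '%s\n' 'server 192.0.2.1' '# crypto pw disabled' 'crypto pw examplepw' > "$sample"
assess 4.2.4p6 "$sample"
rm -f "$sample"
```

On a real host, pass the version reported by the running ntpd and the path of its active ntp.conf to `assess`.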
See also :
Upgrade to ntpd version 4.2.4p7 / 4.2.5p74 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false