Network Time Protocol Daemon (ntpd) readvar Variable Overflow RCE
Critical Nessus Plugin ID 10647
SynopsisThe remote NTP server is affected by a remote code execution vulnerability.
DescriptionThe remote NTP server is affected by a buffer overflow condition due to improper bounds checking on the 'readvar' argument. An unauthenticated, remote attacker can exploit this, via a specially crafted request that uses an overly long argument, to execute arbitrary code with root privileges.
SolutionDisable this service if you do not use it, or check with the vendor for an upgrade to a fixed version.