F5 Networks BIG-IP : NTP vulnerability (SOL15936)
High Nessus Plugin ID 81557
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionMultiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution SOL15936.