F5 Networks BIG-IP : NTP vulnerability (K20804323)
Medium Nessus Plugin ID 97152
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
Using a crafted packet to create a peer association with hmode > 7 causes the MATCH_ASSOC() lookup to make an out-of-bounds reference.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K20804323.