|
|
Subscribe / Log in / New account

openntpd/busybox: denial of service

Package(s):openntpd busybox CVE #(s):CVE-2016-6301
Created:August 9, 2016 Updated:January 2, 2017
Description: From the Mageia advisory:

The busybox NTP implementation doesn't check the NTP mode of packets received on the server port and responds to any packet with the right size. This includes responses from another NTP server. An attacker can send a packet with a spoofed source address in order to create an infinite loop of responses between two busybox NTP servers. Adding more packets to the loop increases the traffic between the servers until one of them has a fully loaded CPU and/or network.

Alerts:
Mageia MGASA-2016-0277 openntpd/busybox 2016-08-09
Gentoo 201701-05 busybox 2017-01-01
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds