VULHUB ™

The Network Time Protocol daemon (NTPd) may be prone to an integer overflow vulnerability that may cause integrity loss in a machine. It has been reported that if a client issues a request to a NTP server containing a date that is more than 34 years of the server's date, the server may calculate an erroneous offset reply. This issue could lead to a loss of integrity in a machine issuing a request to the NTP server as an erroneous time value would not correspond to logs and file creation and modification times, possibly disrupting the audit trail for security-related system and network events. NTPd versions 3 and prior are reported to be affected by this issue.

The Network Time Protocol daemon (NTPd) may be prone to an integer overflow vulnerability that may cause integrity loss in a machine. It has been reported that if a client issues a request to a NTP server containing a date that is more than 34 years of the server's date, the server may calculate an erroneous offset reply. This issue could lead to a loss of integrity in a machine issuing a request to the NTP server as an erroneous time value would not correspond to logs and file creation and modification times, possibly disrupting the audit trail for security-related system and network events. NTPd versions 3 and prior are reported to be affected by this issue.