NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities.
NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in the individual links below.
CRYPTO-NAK denial of service introduced in Sec 3007 patch. See Sec 3046, CVE-2016-4957. The CVSS score below describes this vulnerability.
Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions.
Apply an update
The NTP Project credits Nicolas Edet of Cisco, Miroslav Lichvar of Red Hat, and Jakub Prokes of Red Hat for reporting these vulnerabilities.