ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11868
Reference (s):
- https://security.netapp.com/advisory/ntap-20200424-0002/
- URL: https://security.netapp.com/advisory/ntap-20200424-0002/
- GENTOO:GLSA-202007-12
- URL: https://security.gentoo.org/glsa/202007-12
- http://support.ntp.org/bin/view/Main/NtpBug3592