The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
Impact
The ntpdprocess could stop responding, due to an uninitialized variable, when processing malformed configuration commands.
F5 has evaluated this vulnerability as having low impact to the BIG-IP product line for the following reasons: