| Impact |
| + |
A remote, non-authenticated peer can cause a denial of service, preventing the vulnerable host from getting a correct time. In addition to that, a remote, authenticated peer can spoof the correct time, causing the vulnerable host to update its clock with an invalid time. |
| + |
A malicious NTPd server, or an attacker in position of man-in-the- middle might be able to execute arbitrary code on the affected host by forging a response to an ntpq request. |
|