NTP, the much maligned protocol abused in a number of high volume DDoS attacks a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be executed.
The Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mellon University on Tuesday issued an advisory warning of the two vulnerabilities, which were patched in ntp-4.2 8p2.