The 2015 Pwnie Nominee For Best Server-Side Bug

Clobberin’ Time (CVE-2014-9293, CVE-2014-9295)

Credit: Stephen Röttger and Neel Mehta

A chain of bugs lead to RCE in ntpd through: broken source IP check for access control, weak default key in configuration interface, an infoleak, and then finally sweet, sweet buffer overflow.

Clobberin’ Time