FreeBSD Security Advisory – The ntpd(8) daemon has a safety feature to prevent excessive stepping of the clock called the “panic threshold”. If ever ntpd(8) determines the system clock is incorrect by more than this threshold, the daemon exits. There is an implementation error within the ntpd(8) implementation of this feature, which allows the system time be adjusted in certain circumstances. When ntpd(8) is started with the ‘-g’ option specified, the system time will be corrected regardless of if the time offset exceeds the panic threshold (by default, 1000 seconds). The FreeBSD rc(8) subsystem allows specifying the ‘-g’ option by either including ‘-g’ in the ntpd_flags list or by enabling ntpd_sync_on_start in the system rc.conf(5) file. If at the moment ntpd(8) is restarted, an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of opportunity where the attacker can cause ntpd(8) to set the time to an arbitrary value.