The vulnerability concerns the ability to manipulate the polling rate, something that is relevant only to a client. link
CVE-2015-7705 is the CVE for the bug that affects the server (DoS).
The full technical discussion of the bugs can be found here: link
In answer to the "stratum" question, you have to look at the definition of KoD messages:
According to the NTP specification RFC 1305, if the Stratum field
in the NTP header is 1, indicating a primary server, the Reference
Identifier field contains an ASCII string identifying the particular
reference clock type. However, in RFC 1305 nothing is said about the
Reference Identifier field if the Stratum field is 0, which is called
out as "unspecified". However, if the Stratum field is 0, the
Reference Identifier field can be used to convey messages useful for
status reporting and access control. In NTPv4 and SNTPv4, packets of
this kind are called Kiss-o'-Death (KoD) packets, and the ASCII
messages they convey are called kiss codes. The KoD packets got
their name because an early use was to tell clients to stop sending
packets that violate server access controls.
RFC 4330
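
The field layout quoted above, as an added example that is not part of the original answer: a parser that reads the Stratum and Reference Identifier fields of a 48-byte NTP header and flags KoD packets. The function names, the sample packets and the origin-timestamp comparison (a sanity check a client can apply before acting on a kiss code) are assumptions of this example, as is reading the Reference Identifier as an IPv4 address for stratum 2 and above.

```python
import socket
import struct

# LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference/origin/receive/transmit timestamps (48 bytes).
NTP_HEADER = struct.Struct("!BBbb II 4s 8s 8s 8s 8s")

def parse_ntp(packet, sent_transmit_ts=None):
    """Decode the header fields needed to recognise a KoD packet."""
    if len(packet) < NTP_HEADER.size:
        raise ValueError("NTP header is 48 bytes; packet too short")
    (flags, stratum, poll, _prec, _rdelay, _rdisp, refid,
     _ref_ts, origin_ts, _rx_ts, _tx_ts) = NTP_HEADER.unpack_from(packet)
    info = {
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "poll": poll,
        "kod": stratum == 0,
        # Assumption of this example: a reply should echo the transmit
        # timestamp the client sent; a mismatch means "do not act on it".
        "origin_matches": sent_transmit_ts is not None
                          and origin_ts == sent_transmit_ts,
    }
    if stratum == 0:
        # Stratum 0: the Reference Identifier carries the ASCII kiss code.
        info["kiss_code"] = refid.decode("ascii", "replace").rstrip("\x00")
    elif stratum == 1:
        # Stratum 1: ASCII string naming the reference clock type.
        info["refclock"] = refid.decode("ascii", "replace").rstrip("\x00")
    else:
        # Stratum >= 2 (assumed IPv4 here): address of the upstream server.
        info["ref_addr"] = socket.inet_ntoa(refid)
    return info

def build_packet(stratum, refid, origin_ts, poll=6):
    """Constructed sample: an NTPv4 server-mode (4) reply."""
    flags = (4 << 3) | 4
    return NTP_HEADER.pack(flags, stratum, poll, -20, 0, 0, refid,
                           bytes(8), origin_ts, bytes(8), bytes(8))

if __name__ == "__main__":
    sent = bytes.fromhex("e1a2b3c4d5e6f708")  # constructed client timestamp
    for pkt in (build_packet(0, b"RATE", sent, poll=10),
                build_packet(0, b"RATE", bytes(8), poll=10),
                build_packet(1, b"GPS\x00", sent),
                build_packet(2, bytes([192, 0, 2, 1]), sent)):
        print(parse_ntp(pkt, sent))
```

A client that sees `kod` set with `origin_matches` false has no evidence the packet answers one of its own requests.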