Network Time Protocol daemon (ntpd) Multiple Vulnerabilities
Last Update Date:
22 Dec 2014 10:45
Release Date:
22 Dec 2014
4342
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
The buffer overflow vulnerabilities were identified in ntpd, which may allow a remote unauthenticated attacker to execute arbitrary malicious code with the privilege level of the ntpd process. The weak default key and non-cryptographic random number generator in ntp-keygen may allow an attacker to gain information regarding the integrity checking and authentication encryption schemes.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Versions prior to 4.2.8
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 4.2.8
Vulnerability Identifier
Source
Related Link
Share with