Skip to main content

Network Time Protocol daemon (ntpd) Multiple Vulnerabilities

Last Update Date: 22 Dec 2014 10:45 Release Date: 22 Dec 2014 4342 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

The buffer overflow vulnerabilities were identified in ntpd, which may allow a remote unauthenticated attacker to execute arbitrary malicious code with the privilege level of the ntpd process. The weak default key and non-cryptographic random number generator in ntp-keygen may allow an attacker to gain information regarding the integrity checking and authentication encryption schemes.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Versions prior to 4.2.8

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
  • Update to version 4.2.8

Vulnerability Identifier


Source


Related Link