
Network Time Protocol daemon (ntpd) Multiple Vulnerabilities

Last Update Date: 9 Apr 2015 Release Date: 8 Apr 2015

RISK: Medium Risk

TYPE: Servers - Other Servers


Multiple vulnerabilities were identified in ntpd, which could be exploited by a remote user to cause denial of service conditions and bypass authentication on the target system.

  1. A remote user with knowledge of a symmetric association between two hosts can periodically send a specially crafted packet to one host of the symmetric association to cause both hosts to fail to synchronize.
  2. When configured for symmetric key authentication, the system accepts packets that do not contain a message authentication code (MAC) as valid packets. A remote user with the ability to conduct a man-in-the-middle attack can send a specially crafted spoofed packet that does not contain a MAC value to bypass authentication. Authentication using autokey is not affected.
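The check at issue in item 2, shown as an added example that is not ntpd's own code: a simplified receive-side model in which `strict=False` reproduces the described behaviour and `strict=True` rejects a packet with no MAC on a keyed association. The function names, the key table and the sample packet are constructed for illustration; the model assumes MD5 symmetric keys (key ID plus a 16-byte digest over key and header) and ignores extension fields.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48        # fixed NTP header, extension fields not modelled
MD5_MAC_LEN = 4 + 16       # 32-bit key ID followed by a 16-byte MD5 digest

def md5_mac(key: bytes, key_id: int, header: bytes) -> bytes:
    """Build the MAC trailer: key ID, then MD5 over key || header."""
    return struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def accept_packet(packet, keys, auth_required, strict=True):
    """Return True if the packet may update the association.

    strict=False models the behaviour the advisory describes (a packet with
    no MAC passes although a key is configured); strict=True rejects it.
    """
    if len(packet) < NTP_HEADER_LEN:
        return False
    header, trailer = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    if not trailer:                         # packet carries no MAC at all
        return (not auth_required) or (not strict)
    if len(trailer) != MD5_MAC_LEN:         # crypto-NAK or malformed trailer
        return False
    key_id = struct.unpack("!I", trailer[:4])[0]
    key = keys.get(key_id)
    if key is None:                         # key ID not in the local key table
        return False
    return hmac.compare_digest(trailer, md5_mac(key, key_id, header))

# Constructed sample data: symmetric-active header (LI=0, VN=4, mode=1).
SAMPLE_KEYS = {7: b"constructed-demo-key"}
SAMPLE_HEADER = bytes([0x21]) + bytes(NTP_HEADER_LEN - 1)
SIGNED = SAMPLE_HEADER + md5_mac(SAMPLE_KEYS[7], 7, SAMPLE_HEADER)

if __name__ == "__main__":
    for name, pkt in (("with valid MAC", SIGNED), ("without MAC", SAMPLE_HEADER)):
        print(name, "| flawed:", accept_packet(pkt, SAMPLE_KEYS, True, strict=False),
              "| hardened:", accept_packet(pkt, SAMPLE_KEYS, True))
```

The same decision can be used as a monitoring rule: on a peer configured with a key, any received packet of exactly 48 bytes is worth logging.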

 


Impact

  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Versions prior to 4.2.8p2

 


Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix (4.2.8p2, 4.3.14).

Vulnerability Identifier


Source


Related Link