CVE-2016-7426 NTP.org ntpd Multiple Security Vulnerabilities

Vulnerability category: General remote services

Vulnerability level:

Vulnerability information

The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.

This update fixes the following vulnerabilities:
– Trap crash. (CVE-2016-9311)
– Mode 6 unauthenticated trap information disclosure and DDoS vector. (CVE-2016-9310)
– Broadcast Mode Replay Prevention DoS. (CVE-2016-7427)
– Broadcast Mode Poll Interval Enforcement DoS. (CVE-2016-7428)
– Windows: ntpd DoS by oversized UDP packet. (CVE-2016-9312)
– Regression: 010-origin: Zero Origin Timestamp Bypass. (CVE-2016-7431)
– Null pointer dereference in _IO_str_init_static_internal(). (CVE-2016-7434)
– Interface selection attack. (CVE-2016-7429)
– Client rate limiting and server responses. (CVE-2016-7426)
– Reboot sync calculation problem. (CVE-2016-7433)

Affected Versions:
NTP versions prior to 4.2.8p9
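The "prior to 4.2.8p9" test is easy to get wrong with plain string comparison, because the patch level is numeric (p10 is later than p9). The following is an added example, not part of the original advisory: it parses ntp.org-style version strings and flags hosts below the fixed release. The inventory, hostnames and banner strings are constructed for illustration.

```python
import re

FIXED = "4.2.8p9"  # first fixed release, taken from the advisory text

# ntp.org release numbering: major.minor.point with an optional pN patch level
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?\b")


def parse_ntp_version(text):
    """Return (major, minor, point, patch) for the first version found in text."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no NTP version found in {text!r}")
    # A missing pN suffix is treated as patch level 0 (e.g. plain 4.2.8).
    return tuple(int(g or 0) for g in m.groups())


def is_affected(text):
    """True if the reported version is prior to the fixed release."""
    return parse_ntp_version(text) < parse_ntp_version(FIXED)


def affected_hosts(inventory):
    """Split an inventory into affected hosts and hosts needing manual review."""
    affected, unknown = [], []
    for host, banner in sorted(inventory.items()):
        try:
            if is_affected(banner):
                affected.append(host)
        except ValueError:
            unknown.append(host)  # banner carried no parsable version
    return affected, unknown


# Constructed sample inventory (hostnames and banners are made up for this example)
SAMPLE = {
    "ntp-a.example": "ntpd 4.2.6p5@1.2349-o",
    "ntp-b.example": "4.2.8p8",
    "ntp-c.example": "ntpd 4.2.8p9@1.3265-o",
    "ntp-d.example": "4.2.8p10",
    "ntp-e.example": "unknown",
}

if __name__ == "__main__":
    affected, unknown = affected_hosts(SAMPLE)
    print("affected:", affected)
    print("needs manual review:", unknown)
```

Distribution packages often backport fixes without changing the upstream version string, so a host flagged here should be confirmed against the vendor's own advisory.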

Impact

A remote unauthenticated attacker may be able to perform a denial of service on a targeted system.

Solution

Users are advised to upgrade to version 4.2.8p9 or later to fix these issues. The latest version can be downloaded from here

Patch:
The following are links for downloading patches to fix the vulnerabilities:

ntp-4.2.8p9 or later
