I just saw this: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 which includes this: " A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable." "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014." I guess no one has had time to respond yet. Wonder if I should shut down my external NTP services as a precaution? --Bill
https://access.redhat.com/security/cve/CVE-2014-9295 2014-12-20 4:42 GMT+02:00 listmail <listmail at entertech.com>:> I just saw this: > > https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 > > which includes this: > " A remote attacker can send a carefully crafted packet that can overflow a > stack buffer and potentially allow malicious code to be executed with the > privilege level of the ntpd process. All NTP4 releases before 4.2.8 are > vulnerable." > > "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014." > > I guess no one has had time to respond yet. Wonder if I should shut down my > external NTP services as a precaution? > > --Bill > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
fixed in: https://rhn.redhat.com/errata/RHSA-2014-2025.html https://rhn.redhat.com/errata/RHSA-2014-2024.html maybe it's soon in centos too.. 2014-12-20 4:42 GMT+02:00 listmail <listmail at entertech.com>:> I just saw this: > > https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 > > which includes this: > " A remote attacker can send a carefully crafted packet that can overflow a > stack buffer and potentially allow malicious code to be executed with the > privilege level of the ntpd process. All NTP4 releases before 4.2.8 are > vulnerable." > > "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014." > > I guess no one has had time to respond yet. Wonder if I should shut down my > external NTP services as a precaution? > > --Bill > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
C7 - http://lists.centos.org/pipermail/centos-announce/2014-December/020850.html C6 - http://lists.centos.org/pipermail/centos-announce/2014-December/020852.html C5 - http://lists.centos.org/pipermail/centos-announce/2014-December/020851.html On 20/12/14 14:04, Eero Volotinen wrote:> fixed in: > > > https://rhn.redhat.com/errata/RHSA-2014-2025.html > https://rhn.redhat.com/errata/RHSA-2014-2024.html > > maybe it's soon in centos too.. > > 2014-12-20 4:42 GMT+02:00 listmail <listmail at entertech.com>: > >> I just saw this: >> >> https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 >> >> which includes this: >> " A remote attacker can send a carefully crafted packet that can overflow a >> stack buffer and potentially allow malicious code to be executed with the >> privilege level of the ntpd process. All NTP4 releases before 4.2.8 are >> vulnerable." >> >> "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014." >> >> I guess no one has had time to respond yet. Wonder if I should shut down my >> external NTP services as a precaution? >> >> --Bill >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
On 20.12.2014 03:42, listmail wrote:> I just saw this: > > https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 > > which includes this: > " A remote attacker can send a carefully crafted packet that can overflow a > stack buffer and potentially allow malicious code to be executed with the > privilege level of the ntpd process. All NTP4 releases before 4.2.8 are > vulnerable." > > "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014." > > I guess no one has had time to respond yet. Wonder if I should shut down my > external NTP services as a precaution?>From the description in the Red Hat advisory and this linkhttp://www.kb.cert.org/vuls/id/852879 it seems the buffer overflow issues can only be exploitet with specific authentication settings that are not part of the default configuration or am I interpreting this wrong? Regards, Dennis