Displaying 2 results from an estimated 2 matches for "ntp4".
Did you mean:
ntp
2014 Dec 20
4
NTP Vulnerability?
I just saw this:
https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01
which includes this:
" A remote attacker can send a carefully crafted packet that can overflow a
stack buffer and potentially allow malicious code to be executed with the
privilege level of the ntpd process. All NTP4 releases before 4.2.8 are
vulnerable."
"This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014."
I guess no one has had time to respond yet. Wonder if I should shut down my
external NTP services as a precaution?
--Bill
2014 Dec 20
0
NTP Vulnerability?
...t; https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01
>
> which includes this:
> " A remote attacker can send a carefully crafted packet that can overflow a
> stack buffer and potentially allow malicious code to be executed with the
> privilege level of the ntpd process. All NTP4 releases before 4.2.8 are
> vulnerable."
>
> "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014."
>
> I guess no one has had time to respond yet. Wonder if I should shut down my
> external NTP services as a precaution?
>
> --Bill
> __...