it.ucsf.edu

Security Update:Multiple Vulnerabilities in Network Time Protocol (NTP) Server, NTPD

Status Type

Security Update

Date and Time

Wednesday, April 27, 2016 - 15:53

Reason

Security Update

Impact

NTPD Administrators

 

WHAT HAPPENED?
NTP.org's reference implementation of Network Time Protocol (NTP) server, ntpd, contains multiple vulnerabilities.

Advanced Users: For a complete description of the vulnerabilities visit NTP.org's security advisory alerts:


AFFECTED VERSIONS:
Users and administrators are encouraged to review the Security Advisories (listed above).


WHAT'S THE PROBLEM?
Unauthenticated remote attackers may be able to spoof packets to cause denial of service, authentication bypass on commands, or certain configuration changes.


WHAT DO I NEED TO DO?
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks.


RELATED LINKS