it.ucsf.edu

Security Update:Denial of Service Vulnerabilities in Network Time Protocol (ntp-4.2.8p8 and below)

Status Type

Security Update

Date and Time

Monday, November 21, 2016 - 16:03

Reason

Security Update

Impact

ntpd

 

WHAT HAPPENED?
NTP.org's reference implementation of Network Time Protocol (NTP) server, ntpd, contains multiple vulnerabilities.

Advanced Users: For a complete description of the vulnerabilities visit NTP.org's security advisory alerts at http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_....


AFFECTED VERSIONS:

  • ntp-4.2.8p8 and below

 

WHAT'S THE PROBLEM?
Unauthenticated remote attackers may be able to cause a denial of service condition.



WHAT DO I NEED TO DO?

NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks.

To get a copy of ntp-4.2.8p9, please visit http://support.ntp.org/bin/view/Main/SoftwareDownloads.


RELATED LINKS