it.ucsf.edu

Security Update:Multiple Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Status Type

Security Update

Date and Time

Wednesday, March 22, 2017 - 15:32

Reason

Security Update

Impact

NTPD users

WHAT HAPPENED?

Network Time Foundation’s NTP Project released ntp-4.2.8p10 to address 6 Medium, 5 Low, and 4 Informational-level vulnerabilities in Network Time Protocol daemon (NTPD); in addition to multiple software enhancements.

 

Advanced Users: For a complete description of the vulnerabilities visit NTP.org's security advisory alerts at http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities.

 

AFFECTED VERSIONS:

[if !supportLists]· [endif]ntp-4.2.8p9 and below

 

WHAT'S THE PROBLEM?

Most severe of these vulnerabilities could allow a remote attacker to cause a denial of service condition.

 

WHAT DO I NEED TO DO?

NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks.

To get a copy of ntp-4.2.8p10, please visit http://support.ntp.org/bin/view/Main/SoftwareDownloads.

 

RELATED LINKS

NTP.org ntpd Contains Multiple Denial of Service Vulnerabilities at http://www.kb.cert.org/vuls/id/633847

NTP Security Notice Page at http://nwtime.org/?s=4.2.8p10

IT Security at http://it.ucsf.edu/security