Security Update:Multiple Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
Date and Time
Network Time Foundation’s NTP Project released ntp-4.2.8p10 to address 6 Medium, 5 Low, and 4 Informational-level vulnerabilities in Network Time Protocol daemon (NTPD); in addition to multiple software enhancements.
Advanced Users: For a complete description of the vulnerabilities visit NTP.org's security advisory alerts at http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities.
[if !supportLists]· [endif]ntp-4.2.8p9 and below
WHAT'S THE PROBLEM?
Most severe of these vulnerabilities could allow a remote attacker to cause a denial of service condition.
WHAT DO I NEED TO DO?
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks.
To get a copy of ntp-4.2.8p10, please visit http://support.ntp.org/bin/view/Main/SoftwareDownloads.
NTP.org ntpd Contains Multiple Denial of Service Vulnerabilities at http://www.kb.cert.org/vuls/id/633847
NTP Security Notice Page at http://nwtime.org/?s=4.2.8p10
IT Security at http://it.ucsf.edu/security