Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
NTP Local Buffer Overflow And Sybil Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is running NTP and is prone to a local buffer overflow and sybil vulnerabilities.
Insight
Insight
Multiple flaws are due to, - An insufficient validation of input argument for an IPv4 or IPv6 command-line parameter. - If a system is set up to use a trustedkey and if one is not using the feature allowing an optional 4th field in the ntp.keys file to specify which IPs can serve time.
Affected Software
Affected Software
All ntp-4 releases up to, but not including 4.2.8p12, and 4.3.0 up to, but not including 4.3.94.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to 4.2.8p12 or 4.3.94 or later. Please see the references for more information.