NTP Multiple Denial-of-Service Vulnerabilities -Mar17
Summary
The host is running NTP and is prone to multiple denial of service vulnerabilities.
Insight
Multiple flaws exist due to:
- Improper handling of a malformed mode configuration directive.
- A buffer overflow error in the Legacy Datum Programmable Time Server refclock driver.
- Improper handling of an invalid setting via the :config directive.
- Incorrect pointer usage in the function 'ntpq_stripquotes'.
- No allocation of memory for a specific amount of items of the same size in the 'oreallocarray' function.
- ntpd configured to use the PPSAPI under Windows.
- Limited passed application path size under Windows.
- An error leading to garbage registry creation in Windows.
- Copious amounts of unused code.
- Off-by-one error in the Oncore GPS Receiver.
- Potential overflows in 'ctl_put' functions.
- Improper use of the 'snprintf' function in the mx4200_send function.
- Buffer overflow in ntpq when fetching reslist from a malicious ntpd.
- Potential denial of service in the origin timestamp check functionality of ntpd.
Affected Software
NTP versions 4.x before 4.2.8p10 and 4.3.x before 4.3.94
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Upgrade to NTP version 4.2.8p10 or 4.3.94 or later.
Common Vulnerabilities and Exposures (CVE)
References
- http://support.ntp.org/bin/view/Main/NtpBug3389
- http://support.ntp.org/bin/view/Main/NtpBug3388
- http://support.ntp.org/bin/view/Main/NtpBug3387
- http://support.ntp.org/bin/view/Main/NtpBug3386
- http://support.ntp.org/bin/view/Main/NtpBug3385
- http://support.ntp.org/bin/view/Main/NtpBug3384
- http://support.ntp.org/bin/view/Main/NtpBug3383
- http://support.ntp.org/bin/view/Main/NtpBug3382
- http://support.ntp.org/bin/view/Main/NtpBug3381
- http://support.ntp.org/bin/view/Main/NtpBug3380
- http://support.ntp.org/bin/view/Main/NtpBug3379
- http://support.ntp.org/bin/view/Main/NtpBug3378
- http://support.ntp.org/bin/view/Main/NtpBug3377
- http://support.ntp.org/bin/view/Main/NtpBug3376
- http://support.ntp.org/bin/view/Main/NtpBug3361
- http://www.ntp.org