NTP Multiple Denial-of-Service Vulnerabilities -Mar17

Information

Severity: Medium

Family: General

CVSSv2 Base: 6.5

CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Solution Type: Vendor Patch

Created: 7 years ago

Modified: 5 years ago

Summary

The host is running NTP and is prone to multiple denial of service vulnerabilities.

Insight

Multiple flaws exist due to:

- Improper handling of a malformed mode configuration directive.
- A buffer overflow error in Legacy Datum Programmable Time Server refclock driver.
- Improper handling of an invalid setting via the :config directive.
- Incorrect pointer usage in the function 'ntpq_stripquotes'.
- No allocation of memory for a specific amount of items of the same size in 'oreallocarray' function.
- ntpd configured to use the PPSAPI under Windows.
- Limited passed application path size under Windows.
- An error leading to garbage registry creation in Windows.
- Copious amounts of unused code.
- Off-by-one error in Oncore GPS Receiver.
- Potential overflows in 'ctl_put' functions.
- Improper use of 'snprintf' function in mx4200_send function.
- Buffer overflow in ntpq when fetching reslist from a malicious ntpd.
- Potential denial of service in origin timestamp check functionality of ntpd.

Affected Software

NTP versions 4.x before 4.2.8p10 and 4.3.x before 4.3.94

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Upgrade to NTP version 4.2.8p10 or 4.3.94 or later.