Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

NTP.org 'ntp' 'decodenetnum' And 'loop counter underrun' DoS Vulnerabilities

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

4 years ago

Summary

The host is running NTP.org's reference implementation of NTP server, ntpd and is prone to multiple denial of service vulnerabilities.

Insight

Insight

Multiple errors are due to - A flaw in 'decodenetnum' function which will abort with an assertion failure instead of simply returning a failure condition when ntpd is fed a crafted packet. - An integer overflow can occur in application.

Affected Software

Affected Software

All ntp-4 release prior to 4.2.8p4 and 4.3.0 prior to 4.3.77

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Upgrade to ntp4.2.8p4 or 4.3.77 or later.

Common Vulnerabilities and Exposures (CVE)