Test Kennung:	1.3.6.1.4.1.25623.1.0.106409
Kategorie:	Denial of Service
Titel:	NTP.org 'ntpd' 4.2.5p203 - 4.2.8p8, 4.3.0 - 4.3.93 DoS Vulnerability (Nov 2016)
Zusammenfassung:	NTP.org's reference implementation of NTP server, ntpd, is prone to a; denial of service vulnerability.
Beschreibung:	Summary: NTP.org's reference implementation of NTP server, ntpd, is prone to a denial of service vulnerability. Vulnerability Insight: When ntpd is configured with rate limiting for all associations (restrict default limited in ntp.conf), the limits are applied also to responses received from its configured sources. An attacker who knows the sources (e.g., from an IPv4 refid in server response) and knows the system is (mis)configured in this way can periodically send packets with spoofed source address to keep the rate limiting activated and prevent ntpd from accepting valid responses from its sources. Vulnerability Impact: A remote attacker may be able to perform a denial of service on ntpd. Affected Software/OS: NTPd version 4.2.5p203 up to 4.2.8p8, 4.3.0 up to 4.3.93. Solution: Update to version 4.2.8p9, 4.3.94 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7426 BugTraq ID: 94451 http://www.securityfocus.com/bid/94451 CERT/CC vulnerability note: VU#633847 https://www.kb.cert.org/vuls/id/633847 FreeBSD Security Advisory: FreeBSD-SA-16:39 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc RedHat Security Advisories: RHSA-2017:0252 http://rhn.redhat.com/errata/RHSA-2017-0252.html http://www.securitytracker.com/id/1037354 https://usn.ubuntu.com/3707-2/
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.