ID de Prueba:	1.3.6.1.4.1.25623.1.0.106409
Categoría:	Denial of Service
Título:	NTP.org 'ntpd' 4.2.5p203 - 4.2.8p8, 4.3.0 - 4.3.93 DoS Vulnerability (Nov 2016)
Resumen:	NTP.org's reference implementation of NTP server, ntpd, is prone to a; denial of service vulnerability.
Descripción:	Summary: NTP.org's reference implementation of NTP server, ntpd, is prone to a denial of service vulnerability. Vulnerability Insight: When ntpd is configured with rate limiting for all associations (restrict default limited in ntp.conf), the limits are applied also to responses received from its configured sources. An attacker who knows the sources (e.g., from an IPv4 refid in server response) and knows the system is (mis)configured in this way can periodically send packets with spoofed source address to keep the rate limiting activated and prevent ntpd from accepting valid responses from its sources. Vulnerability Impact: A remote attacker may be able to perform a denial of service on ntpd. Affected Software/OS: NTPd version 4.2.5p203 up to 4.2.8p8, 4.3.0 up to 4.3.93. Solution: Update to version 4.2.8p9, 4.3.94 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7426 BugTraq ID: 94451 http://www.securityfocus.com/bid/94451 CERT/CC vulnerability note: VU#633847 https://www.kb.cert.org/vuls/id/633847 FreeBSD Security Advisory: FreeBSD-SA-16:39 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc RedHat Security Advisories: RHSA-2017:0252 http://rhn.redhat.com/errata/RHSA-2017-0252.html http://www.securitytracker.com/id/1037354 https://usn.ubuntu.com/3707-2/
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.