Denial of Service : NTP.org 'ntpd' 'protocol engine' Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.812792

Categoría: Denial of Service

Título: NTP.org 'ntpd' 'protocol engine' Denial of Service Vulnerability

Resumen: NTP.org's reference implementation of NTP server, ntpd is prone to a denial of service vulnerability.

Descripción: Summary:
NTP.org's reference implementation of NTP server, ntpd is prone to a denial of service vulnerability.

Vulnerability Insight:
The flaw exists due to a bug that was
inadvertently introduced into the 'protocol engine' that allows a non-authenticated
zero-origin (reset) packet to reset an authenticated interleaved peer association.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to cause a denial-of-service condition, denying service to legitimate
users.

Affected Software/OS:
NTPd version 4.2.6 through 4.2.8p10.

Solution:
Update to version 4.2.8p11 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-7185
BugTraq ID: 103339
http://www.securityfocus.com/bid/103339
Bugtraq: 20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) (Google Search)
http://www.securityfocus.com/archive/1/541824/100/0/threaded
FreeBSD Security Advisory: FreeBSD-SA-18:02
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://usn.ubuntu.com/3707-1/
https://usn.ubuntu.com/3707-2/

Copyright Copyright (C) 2018 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.812792
Categoría:	Denial of Service
Título:	NTP.org 'ntpd' 'protocol engine' Denial of Service Vulnerability
Resumen:	NTP.org's reference implementation of NTP server, ntpd is prone to a denial of service vulnerability.
Descripción:	Summary: NTP.org's reference implementation of NTP server, ntpd is prone to a denial of service vulnerability. Vulnerability Insight: The flaw exists due to a bug that was inadvertently introduced into the 'protocol engine' that allows a non-authenticated zero-origin (reset) packet to reset an authenticated interleaved peer association. Vulnerability Impact: Successful exploitation will allow remote attackers to cause a denial-of-service condition, denying service to legitimate users. Affected Software/OS: NTPd version 4.2.6 through 4.2.8p10. Solution: Update to version 4.2.8p11 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7185 BugTraq ID: 103339 http://www.securityfocus.com/bid/103339 Bugtraq: 20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) (Google Search) http://www.securityfocus.com/archive/1/541824/100/0/threaded FreeBSD Security Advisory: FreeBSD-SA-18:02 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc https://security.gentoo.org/glsa/201805-12 http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://usn.ubuntu.com/3707-1/ https://usn.ubuntu.com/3707-2/
Copyright	Copyright (C) 2018 Greenbone AG