Описание
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ntp | fixed | 1:4.2.8p4+dfsg-3 | package | |
| ntp | no-dsa | jessie | package | |
| ntp | no-dsa | wheezy | package | |
| ntp | no-dsa | squeeze | package |
Примечания
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
https://github.com/ntp-project/ntp/commit/21d57dc336dbe9a975baca5ce5ae4da5b71ff123
https://github.com/ntp-project/ntp/commit/492758c3d0690d3ccf7130fabfcf670997f12f7b
Original fix was reported broken, then fixed in http://bugs.ntp.org/show_bug.cgi?id=2952 (4.2.8p7)
Original upsteam bug: http://support.ntp.org/bin/view/Main/NtpBug2901
Связанные уязвимости
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
Уязвимость службы ограничения скорости протокола сетевого времени NTP, позволяющая нарушителю вызвать частичное нарушение конфиденциальности, целостности и доступности защищаемой информации