Description
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server.
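One way a client can validate a Kiss-of-Death reply before acting on it, shown as an added example (not ntpd's code and not part of the original advisory): a genuine server reply echoes the client's transmit timestamp in its origin timestamp field, so a KoD that does not match the outstanding request is discarded instead of raising the polling interval. The names `peer_state`, `check_kod` and `classify_sample` are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTP_HDR_LEN 48  /* fixed NTP header, no extension fields */
#define OFF_REFID   12  /* reference ID: carries the kiss code when stratum is 0 */
#define OFF_ORIGIN  24  /* origin timestamp: echo of the client's transmit timestamp */

enum verdict { PKT_DROP, PKT_NOT_KOD, KOD_ACCEPT, KOD_UNSOLICITED };

/* Hypothetical per-server client state. */
struct peer_state {
    uint8_t last_xmt[8]; /* transmit timestamp of our outstanding request */
    int     outstanding; /* non-zero while a request awaits its reply */
};

enum verdict check_kod(const uint8_t *pkt, size_t len, const struct peer_state *p)
{
    static const uint8_t zero[8] = {0};
    if (len < NTP_HDR_LEN || (pkt[0] & 0x07) != 4)  /* too short or not mode 4 (server) */
        return PKT_DROP;
    if (pkt[1] != 0)                                 /* stratum 0 marks a KoD */
        return PKT_NOT_KOD;
    /* Honour the kiss code only if it answers a request we actually sent. */
    if (!p->outstanding || memcmp(pkt + OFF_ORIGIN, zero, 8) == 0 ||
        memcmp(pkt + OFF_ORIGIN, p->last_xmt, 8) != 0)
        return KOD_UNSOLICITED;                      /* do not touch the poll interval */
    return KOD_ACCEPT;
}

/* Constructed sample: a "RATE" reply to a client with one outstanding request;
   echo_origin selects whether the reply echoes that request's timestamp. */
enum verdict classify_sample(uint8_t stratum, int echo_origin)
{
    struct peer_state p = { {0xDA, 0x5E, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}, 1 };
    uint8_t pkt[NTP_HDR_LEN] = {0};
    pkt[0] = (4 << 3) | 4;                           /* LI=0, VN=4, mode=4 */
    pkt[1] = stratum;
    memcpy(pkt + OFF_REFID, "RATE", 4);
    memset(pkt + OFF_ORIGIN, 0x41, 8);               /* timestamp the client never sent */
    if (echo_origin) memcpy(pkt + OFF_ORIGIN, p.last_xmt, 8);
    return check_kod(pkt, sizeof pkt, &p);
}

int main(void)
{
    printf("echoed=%d unmatched=%d\n", classify_sample(0, 1), classify_sample(0, 0));
    return 0;
}
```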
Report
This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.4, as they do not include support for KoD packets.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ntp | Not affected | | |
| Red Hat Enterprise Linux Extended Update Support 6.4 | ntp | Not affected | | |
| Red Hat Enterprise Linux 6 | ntp | Fixed | RHSA-2015:1930 | 26.10.2015 |
| Red Hat Enterprise Linux 6.5 Extended Update Support | ntp | Fixed | RHSA-2015:2520 | 26.11.2015 |
| Red Hat Enterprise Linux 6.6 Extended Update Support | ntp | Fixed | RHSA-2015:2520 | 26.11.2015 |
| Red Hat Enterprise Linux 7 | ntp | Fixed | RHSA-2015:1930 | 26.10.2015 |
Additional information
Status:
EPSS
6.4 Medium
CVSS2