Описание
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source.
Меры по смягчению последствий
If you are going to configure your OS to disable source address checks, also configure your firewall configuration to control what interfaces can receive packets from what networks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ntp | Will not fix | ||
| Red Hat Enterprise Linux 6 | ntp | Fixed | RHSA-2017:0252 | 06.02.2017 |
| Red Hat Enterprise Linux 7 | ntp | Fixed | RHSA-2017:0252 | 06.02.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.7 Low
CVSS3
2.6 Low
CVSS2
Связанные уязвимости
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
NTP before 4.2.8p9 changes the peer structure to the interface it rece ...
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
EPSS
3.7 Low
CVSS3
2.6 Low
CVSS2