Описание
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service.
Меры по смягчению последствий
Use "restrict default noquery ..." in your ntp.conf file. Only allow mode 6 queries from trusted networks and hosts.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ntp | Will not fix | ||
| Red Hat Enterprise Linux 6 | ntp | Fixed | RHSA-2017:0252 | 06.02.2017 |
| Red Hat Enterprise Linux 7 | ntp | Fixed | RHSA-2017:0252 | 06.02.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows r ...
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2