Network Time Protocol is prone to a denial-of-service vulnerability.
An attacker can leverage this issue to crash the affected application, denying service to legitimate users.
Information
Slackware Linux x86_64 -current
Slackware Linux 14.1 x86_64
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Slackware Linux 13.37 x86_64
Slackware Linux 13.37
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux -current
Rockwell Automation Stratix 5900 0
NTP NTP 4.3.25
NTP NTP 4.3
NTP NTP 4.2.8
NTP NTP 4.2.6
NTP NTP 4.2.5 p74
NTP NTP 4.2.5 p150
NTP NTP 4.2.4 p7
NTP NTP 4.2.4 p6
NTP NTP 4.2.4 p5
NTP NTP 4.2.4 p4
NTP NTP 4.2.2 p4
NTP NTP 4.2.2 p1
NTP NTP 4.1.2
NTP NTP 4.3.70
NTP NTP 4.2.8p3
NTP NTP 4.2.8p2
NTP NTP 4.2.7p111
NTP NTP 4.2.7p11
NTP NTP 4.2.5p3
NTP NTP 4.2.5p186
NTP NTP 4.2.0.a
Juniper Junos OS 0
IBM QLogic Virtual Fabric Extension Module for IBM BladeCenter 9.0
IBM QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module 7.10
IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru 9.1.0.00
IBM DS8800 86.31.167.0 (R6.3)
IBM DS8800 0
IBM DS8700 87.51.14.X (R7.5)
IBM DS8700 87.41.17.X (R7.4)
IBM DS8700 76.31.143.0 (R6.3)
FreeBSD Freebsd 9.3-RELEASE-p9
FreeBSD FreeBSD 9.3-RELEASE-p6
FreeBSD FreeBSD 9.3-RELEASE-p5
FreeBSD FreeBSD 9.3-RELEASE-p3
FreeBSD Freebsd 9.3-RELEASE-p25
FreeBSD Freebsd 9.3-RELEASE-p24
FreeBSD Freebsd 9.3-RELEASE-p22
FreeBSD Freebsd 9.3-RELEASE-p21
FreeBSD FreeBSD 9.3-RELEASE-p2
FreeBSD Freebsd 9.3-RELEASE-p13
FreeBSD Freebsd 9.3-RELEASE-p10
FreeBSD FreeBSD 9.3-RELEASE-p1
FreeBSD FreeBSD 9.3-RC3-p1
FreeBSD FreeBSD 9.3-RC2-p1
FreeBSD FreeBSD 9.3-RC2
FreeBSD FreeBSD 9.3-RC1-p2
FreeBSD FreeBSD 9.3-RC
FreeBSD FreeBSD 9.3-PRERELEASE
FreeBSD FreeBSD 9.3-BETA3-p2
FreeBSD FreeBSD 9.3-BETA1-p2
FreeBSD FreeBSD 9.3-BETA1-p1
FreeBSD FreeBSD 9.3-BETA1
FreeBSD FreeBSD 9.3
FreeBSD Freebsd 10.2-RC2-p1
FreeBSD Freebsd 10.2-RC1-p2
FreeBSD Freebsd 10.2-RC1-p1
FreeBSD Freebsd 10.2-PRERELEASE
FreeBSD Freebsd 10.2-BETA2-p3
FreeBSD Freebsd 10.2-BETA2-p2
FreeBSD Freebsd 10.2
FreeBSD FreeBSD 10.1-STABLE
FreeBSD Freebsd 10.1-RELENG
FreeBSD Freebsd 10.1-RELEASE-p9
FreeBSD Freebsd 10.1-RELEASE-p6
FreeBSD Freebsd 10.1-RELEASE-p5
FreeBSD Freebsd 10.1-RELEASE-p19
FreeBSD Freebsd 10.1-RELEASE-p17
FreeBSD Freebsd 10.1-RELEASE-p16
FreeBSD FreeBSD 10.1-RELEASE-p1
FreeBSD Freebsd 10.1-RELEASE
FreeBSD FreeBSD 10.1-RC4-p1
FreeBSD FreeBSD 10.1-RC3-p1
FreeBSD FreeBSD 10.1-RC2-p3
FreeBSD FreeBSD 10.1-RC2-p1
FreeBSD FreeBSD 10.1-RC1-p1
FreeBSD FreeBSD 10.1-PRERELEASE
FreeBSD FreeBSD 10.1-BETA3-p1
FreeBSD FreeBSD 10.1-BETA1-p1
FreeBSD FreeBSD 10.1
Extremenetworks Summit WM3000 Series 0
Extremenetworks Purview Appliance 6.3
Extremenetworks Purview Appliance 6.0
Extremenetworks NetSight Appliance 6.3
Extremenetworks NetSight Appliance 6.0
Extremenetworks NAC Appliance 6.3
Extremenetworks NAC Appliance 6.0
Extremenetworks ExtremeXOS 15.7.4
Extremenetworks ExtremeXOS 15.7.3 Patch 8
Extremenetworks ExtremeXOS 15.7.3 Patch 1
Extremenetworks ExtremeXOS 15.7.2
Extremenetworks ExtremeXOS 15.7
Extremenetworks ExtremeXOS 15.6.4
Extremenetworks ExtremeXOS 15.4.1.0
Extremenetworks ExtremeXOS 15.3
NTP NTP 4.3.77
NTP NTP 4.2.8p4
IBM QLogic Virtual Fabric Extension Module for IBM BladeCenter 9.0.3.14.0
IBM QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module 7.10.1.37.00
IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru 9.1.7.03.00
FreeBSD FreeBSD 9.3-STABLE
FreeBSD Freebsd 9.3-RELEASE-p29
FreeBSD Freebsd 10.2-STABLE
FreeBSD Freebsd 10.2-RELEASE-p6
FreeBSD Freebsd 10.1-RELEASE-p23
Extremenetworks Purview Appliance 6.4
Extremenetworks NetSight Appliance 6.4
Extremenetworks NAC Appliance 6.4
Extremenetworks ExtremeXOS 21.1
Extremenetworks ExtremeXOS 16.2
Exploit
Attackers can use standard commands to exploit this issue.
References:
- NTP 4.2.8p4 Focus: Security, Bug fies, enhancements. (NTP)
- Ntp Homepage (Dave Mills)
- October 2015 NTP Security Vulnerability Announcement (Medium) (NTP)
- 2015-10 Out of Cycle Security Bulletin: NTP.org announcement of multiple vulnera (Juniper)
- Advisory (ICSA-17-094-04)Rockwell Automation Stratix 5900 (CERT)
- cisco-sa-20151021-ntp: Multiple Vulnerabilities in ntpd Affecting Cisco Products (Cisco)
- Extreme Networks - Multiple NTP Vulnerabilities (Extreme Networks)
- FreeBSD Security Advisory FreeBSD-SA-15:25.ntp (FreeBSD)
- Multiple vulnerabilities impact System Storage DS8000 Hardware Management Consol (IBM)
- NTP Private Mode Packet Integer Overflow Denial of Service Vulnerability (Cisco)
- Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN (IBM)
- TALOS-2015-0052 NETWORK TIME PROTOCOL NTPD MULTIPLE INTEGER OVERFLOW READ ACCESS (Cisco)