VID | 23240 |
Severity | 30 |
Port | 123 |
Protocol | UDP |
Class | NTPD |
Detailed Description |
The NTP daemon, according to its version number, is affected by multiple vulnerabilities. The Network Time Protocol (NTP) daemon is responsible for providing accurate time reports used for synchronizing the clocks on installed systems.
The remote NTP server is affected by an information disclosure vulnerability due to improper validation of the 'vallen' value in extension fields in 'ntp_crypto.c'. This allows a remote attacker to disclose sensitive information.
* Note: This check relies solely on the version number of the remote NTP daemon to assess this vulnerability, so the result might be a false positive.
* References: http://support.ntp.org/bin/view/Main/SecurityNotice
* Platforms Affected: NTPD versions prior to 4.2.8p1; any operating system, any version |
Recommendation |
Upgrade to the latest version of NTP (4.2.8p1 or later), available from the NTP Software Downloads Web page at http://ntp.isc.org/bin/view/Main/SoftwareDownloads |
Related URL | CVE-2014-9297 (CVE) |
Related URL | 72583 (SecurityFocus) |
Related URL | (ISS) |