| VID |
23282 |
| Severity |
30 |
| Port |
123 |
| Protocol |
UDP |
| Class |
NTPD |
| Detailed Description |
The NTP daemon, according its version number, is vulnerable to multiple vulnerabilities. Network Time Protocol (NTP) daemon is responsible for providing accurate time reports used for synchronizing the clocks on installed systems. The version of the remote NTP server is 4.x prior to 4.2.8p11. It is, therefore, affected by multiple vulnerabilities, which allow denial of service attacks, information disclosure and possibly, remote code execution.
* Note: This check solely relied on the version number of the remote NTP daemon to assess this vulnerability, so this might be a false positive.
* References:
https://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
* Platforms Affected:
NTPD versions prior to 4.2.8p11
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of NTP (4.2.8p11 or later), available from the NTP Software Downloads Web page at http://www.ntp.org/downloads.html |
| Related URL |
CVE-2016-1549,CVE-2018-7170,CVE-2018-7182,CVE-2018-7183,CVE-2018-7184,CVE-2018-7185 (CVE) |
| Related URL |
88200,103191,103192,103194,103339 (SecurityFocus) |
| Related URL |
(ISS) |
|
