First published: Wed Jul 01 2015(Updated: )
A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if: * ntpd enabled remote configuration * The attacker had the knowledge of the configuration password * The attacker had access to a computer entrusted to perform remote configuration Note that remote configuration is disabled by default in NTP. External References: <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi">http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =21 | |
Fedoraproject Fedora | =22 | |
Fedoraproject Fedora | =23 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
NTP ntp | <=4.2.8 | |
redhat/ntp | <4.2.8 | 4.2.8 |
redhat/ntp | <4.3.25 | 4.3.25 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.