First published: Thu Oct 22 2015(Updated: )
The following flaw was found in ntpd: An exploitable use-after-free vulnerability exists in the password management functionality of the Network Time Protocol. A specially crafted key file could cause a buffer overflow resulting in memory corruption. An attacker could provide a malicious password file to trigger this vulnerability. External References: <a href="http://talosintel.com/reports/TALOS-2015-0054/">http://talosintel.com/reports/TALOS-2015-0054/</a> <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner">http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ntp | <4.2.8 | 4.2.8 |
NTP ntp | >=4.2.0<4.2.8 | |
NTP ntp | >=4.3.0<4.3.77 | |
NTP ntp | =4.2.8 | |
NTP ntp | =4.2.8-p1 | |
NTP ntp | =4.2.8-p1-beta1 | |
NTP ntp | =4.2.8-p1-beta2 | |
NTP ntp | =4.2.8-p1-beta3 | |
NTP ntp | =4.2.8-p1-beta4 | |
NTP ntp | =4.2.8-p1-beta5 | |
NTP ntp | =4.2.8-p1-rc1 | |
NTP ntp | =4.2.8-p1-rc2 | |
NTP ntp | =4.2.8-p2 | |
NTP ntp | =4.2.8-p2-rc1 | |
NTP ntp | =4.2.8-p2-rc2 | |
NTP ntp | =4.2.8-p2-rc3 | |
NTP ntp | =4.2.8-p3 | |
NTP ntp | =4.2.8-p3-rc1 | |
NTP ntp | =4.2.8-p3-rc2 | |
NTP ntp | =4.2.8-p3-rc3 | |
NetApp OnCommand Balance | ||
Netapp Oncommand Performance Manager | ||
Netapp Oncommand Unified Manager Clustered Data Ontap | ||
NetApp Clustered Data ONTAP | ||
Netapp Data Ontap 7-mode |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.