The Network Time Foundation's NTP Project has has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review the [NTP Security Notice Page](<http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities>) for vulnerability and mitigation details.
This product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.
**Please share your thoughts.**
We recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2017/03/22/Vulnerabilities-Identified-Network-Time-Protocol-Daemon-ntpd>); we'd welcome your feedback.
{"id": "CISA:A033847C834445574FEEF446EDB3A4AC", "type": "cisa", "bulletinFamily": "info", "title": "Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)", "description": "The Network Time Foundation's NTP Project has has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.\n\nUS-CERT encourages users and administrators to review the [NTP Security Notice Page](<http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities>) for vulnerability and mitigation details.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2017/03/22/Vulnerabilities-Identified-Network-Time-Protocol-Daemon-ntpd>); we'd welcome your feedback.\n", "published": "2017-03-22T00:00:00", "modified": "2017-03-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://us-cert.cisa.gov/ncas/current-activity/2017/03/22/Vulnerabilities-Identified-Network-Time-Protocol-Daemon-ntpd", "reporter": "CISA", "references": ["http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"], "cvelist": [], "lastseen": "2021-02-24T18:07:46", "viewCount": 2, "enchantments": {"dependencies": {"references": []}, "score": {"value": 7.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "ics", "idList": ["ICSA-20-282-02"]}, {"type": "threatpost", "idList": ["THREATPOST:F7C1C6A7D07F7CFA8DFDD80051147A3B"]}]}, "exploitation": null, "vulnersScore": 7.0}, "wildExploited": false, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"wildexploited": 1647356730, "dependencies": 1647589307, "score": 1684005285, "epss": 1679050336}, "_internal": {"wildexploited_cvelist": null, "score_hash": "d88d216ca1dbdc41ecb15b73869e258e"}}
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)