K44942017 : NTP vulnerability CVE-2014-5209

Security Advisory Description

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. (CVE-2014-5209)

Impact

An attacker may be able to prompt the network time protocol (NTP) server to return a list of hosts or networks that have particular restrictions applied. BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow software are not vulnerable in default, standard, and recommended configurations; however, the vulnerability can be exposed if you configure an additional “restrict” line in the NTP configuration that allows remote NTP mode 6 or 7 packets.