13 matches found
FreeBSD-SA-17:03.ntp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:03.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2017-04-12 Credits: Network Time...
CVE-2017-6458
A vulnerability was found in NTP, in the building of response packets with custom fields. If custom fields were configured in ntp.conf with particularly long names, inclusion of these fields in the response packet could cause a buffer overflow, leading to a crash. Mitigation Implement BCP-38. If...
CVE-2016-9042
A vulnerability was found in NTP, affecting the origin timestamp check function. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service. Mitigation Implement...
[ASA-201611-28] ntp: multiple issues
Arch Linux Security Advisory ASA-201611-28 ========================================== Severity: High Date : 2016-11-26 CVE-ID : CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 Package : ntp Type : multiple issues Remote...
Exploit Code Released for NTP Vulnerability
A researcher has released a proof-of-concept exploit for a vulnerability in the Network Time Protocol daemon that could crash a server with a single, malformed packet. The Network Time Foundation’s NTP Project on Monday patched the bug and nine others with the release of NTP 4.2.8p9. The...
Internet Bug Bounty: ntpd: read_mru_list() does inadequate incoming packet checks
Summary: If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted malicious mrulist query packet. Mitigation: - Only allow mrulist query packets from trusted hosts. - Implement BCP-38. - Upgrade to 4.2.8p...
SOL82644737 - NTP vulnerability CVE-2016-4954
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL64505405 - NTP vulnerability CVE-2016-4956
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL92800352 - NTP vulnerability CVE-2016-4953
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
FreeBSD-SA-16:24.ntp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:24.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2016-06-04 Credits: Network Time...
Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec
Someone just DDoSed one of the most critical organs of the Internet anatomy – The Internet's DNS Root Servers. Early last week, a flood of as many as 5 Million queries per second hit many of the Internet's DNS Domain Name System Root Servers that act as the authoritative reference for mapping...
Internet Root Name Servers DDoS Attack
An unusual DDoS amplification attack was carried out 10 days ago against many of the Internet’s 13 root name servers, the authoritative servers used to resolve IP addresses. The attacks happened on Nov. 30 and again on Dec. 1, and each time, massive volumes of traffic, peaking at five million...
Open DNS Resolvers Center Stage in Massive DDoS Attacks
For some perspective on what 300 Gbps of traffic represents, let’s just pretend that your company, as a potential customer, put this massive volume of bits and bytes in front of 20 of the leading Internet service providers. Chances are, all but three or four will tell you “Thanks, but no thanks, ...