NTP 4.2.8p9 Update Advisory
Ryansecurity
2016. 11. 22. 09:16
NTF’s Network Time Protocol (NTP) Project released ntp-4.2.8p9 on 21 November 2016, its first update since ntp-4.2.8p8 was released in June. The latest version addresses the following:
- 1 HIGH severity vulnerability that only affects Windows
- 2 MEDIUM severity vulnerabilities
- 2 MEDIUM/LOW severity vulnerabilities
- 5 LOW severity vulnerabilities
- 28 non-security fixes and improvements
All of the security issues in this release are included in VU#633847.
- Sec 3119 / CVE-2016-9311: Trap crash
  - Reported by Matthew Van Gundy of Cisco ASIG.
- Sec 3118 / CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector
  - Reported by Matthew Van Gundy of Cisco ASIG.
- Sec 3114 / CVE-2016-7427: Broadcast Mode Replay Prevention DoS
  - Reported by Matthew Van Gundy of Cisco ASIG.
- Sec 3113 / CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS
  - Reported by Matthew Van Gundy of Cisco ASIG.
- Sec 3110 / CVE-2016-9312: Windows: ntpd DoS by oversized UDP packet
  - Reported by Robert Pajak of ABB.
- Sec 3102 / CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass
  - Reported by Sharon Goldberg and Aanchal Malhotra of Boston University.
- Sec 3082 / CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal()
  - Reported by Magnus Stubman.
- Sec 3072 / CVE-2016-7429: Interface selection attack
  - Reported by Miroslav Lichvar of Red Hat.
- Sec 3071 / CVE-2016-7426: Client rate limiting and server responses
  - Reported by Miroslav Lichvar of Red Hat.
- Sec 3067 / CVE-2016-7433: Reboot sync calculation problem
  - Reported independently by Brian Utterback of Oracle, and by Sharon Goldberg and Aanchal Malhotra of Boston University.