NTP 'ntpd/ntp_config.c 'Denial of Service Vulnerability (CVE-2015-5195)
NTP 'ntpd/ntp_config.c 'Denial of Service Vulnerability (CVE-2015-5195)
Release date:
Updated on:
Affected Systems:
NTP 4.x
Description:
Bugtraq id: 76474
CVE (CAN) ID: CVE-2015-5195
Network Time Protocol (NTP) is a Protocol used to synchronize computer Time. It can synchronize computers with their servers or clock sources (such as quartzels and GPS.
Ntpd crashes when dealing with config commands with the statistics type. Remote attackers can exploit this vulnerability to create infinite loops and cause DOS.
<* Source: Miroslav Lichvar
*>
Suggestion:
Vendor patch:
NTP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://bk.ntp.org/ntp-dev? PAGE = patch & REV = 4d253ed0a400lyhrqiv0u23n1_ugaa
CentOS NTP server installation and configuration
NTP servers in Linux
NTP client configurations for multiple operating systems
Build an enterprise-level NTP Time Server
Set up an ntp time synchronization server in Linux
Enable NTP time server in CentOS 6.3
This article permanently updates the link address: