NTP 'ntpd/ntp_config.c 'Denial of Service Vulnerability (CVE-2015-5195)

NTP 'ntpd/ntp_config.c 'Denial of Service Vulnerability (CVE-2015-5195)
NTP 'ntpd/ntp_config.c 'Denial of Service Vulnerability (CVE-2015-5195)

Release date:
Updated on:

Affected Systems:

NTP 4.x

Description:

Bugtraq id: 76474
CVE (CAN) ID: CVE-2015-5195

Network Time Protocol (NTP) is a Protocol used to synchronize computer Time. It can synchronize computers with their servers or clock sources (such as quartzels and GPS.

Ntpd crashes when dealing with config commands with the statistics type. Remote attackers can exploit this vulnerability to create infinite loops and cause DOS.

<* Source: Miroslav Lichvar
*>

Suggestion:

Vendor patch:

NTP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://bk.ntp.org/ntp-dev? PAGE = patch & REV = 4d253ed0a400lyhrqiv0u23n1_ugaa

CentOS NTP server installation and configuration

NTP servers in Linux

NTP client configurations for multiple operating systems

Build an enterprise-level NTP Time Server

Set up an ntp time synchronization server in Linux

Enable NTP time server in CentOS 6.3

This article permanently updates the link address: