NTP Denial of Service Vulnerability (CVE-2015-5146)
Release date:
Updated on:
Affected Systems:
NTP
Unaffected Systems:
NTP 4.3.25
NTP 4.2.8p3-RC1
Description:
Bugtraq id: 75589
CVE (CAN) ID: CVE-2015-5146
Network Time Protocol (NTP) is a protocol used to synchronize computer time. It can synchronize computers with their servers or clock sources (such as quartz clocks and GPS).
A security vulnerability exists in the way NTP processes certain remote configuration packets. Attackers can exploit this vulnerability to crash the affected application. To exploit it, ntpd must have remote configuration enabled, and the attacker must know the configuration password and have access to a computer that is allowed to perform remote configuration. Remote configuration is disabled by default in NTP.
<* Source: Aleksis Kauppinen *>
Suggestion:
Vendor patch:
NTP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ntp.org/
http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
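A host is exposed only when it runs an unfixed ntpd and has remote configuration enabled, so both conditions can be checked together. The following is an added example, not code from the advisory or from the NTP project. It assumes that any version below the unaffected releases listed above is affected, that remote configuration needs a `keys` file plus a `controlkey` or `requestkey`, and that only the `restrict` lines present in the file matter. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample ntp.conf (not taken from the advisory).
SAMPLE_CONF = """\
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
trustedkey 1
controlkey 1                     # key id used to authenticate ntpq requests
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 10.0.0.0 mask 255.255.255.0 notrap
"""

# restrict flags that refuse runtime reconfiguration requests
BLOCKING = {"nomodify", "noquery", "ignore"}

def is_fixed(version):
    """True if version is at or past a release the advisory lists as unaffected."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", version)
    if not m:
        raise ValueError("unrecognised ntpd version: " + version)
    v = tuple(int(x or 0) for x in m.groups())
    if v[:2] == (4, 3):                  # development branch: fixed in 4.3.25
        return v >= (4, 3, 25, 0)
    return v >= (4, 2, 8, 3)             # stable branch: fixed in 4.2.8p3

def remote_config_sources(conf_text):
    """Return restrict targets still allowed to send authenticated config
    requests, or [] when no control/request key is set (remote config off)."""
    directives, restricts = set(), []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens:
            continue
        if tokens[0] == "restrict":
            # skip address-family switches such as -4 / -6
            restricts.append([t for t in tokens[1:] if not t.startswith("-")])
        else:
            directives.add(tokens[0])
    if "keys" not in directives or not directives & {"controlkey", "requestkey"}:
        return []
    return [r[0] for r in restricts if r and not BLOCKING & set(r[1:])]

def exposed(version, conf_text):
    """Both advisory preconditions hold: unfixed ntpd and remote config reachable."""
    return not is_fixed(version) and bool(remote_config_sources(conf_text))
```

On the sample file the default rule blocks modification, but the loopback and 10.0.0.0 entries do not, so those sources should be reviewed or given `nomodify` until the fixed release is installed.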