[ntp:security] VMware ESXi 4

Hitesh Rajgor indprem2002 at gmail.com
Mon Oct 28 13:19:01 UTC 2013


Hi ,

After running the VA scanning on VMware ESXi 4  below Ntp version upgrade
is required.
Kindly help us to update the same.

Our current version is Ver.4.2.4p6


System Criticality Operating System
 None VMware ESXi 4
NTP Mode 7 Request Denial Of Service Vulnerability [FID 10796] 6.4 Medium
Description:
A denial of service vulnerability is present in some versions of NTP server.

Recommendation:
Upgrade to NTP version 4.2.4p8 or later available at :
http://www.ntp.org/

Observation:
Network Time Protocol (NTP) is a UDP-based network protocol used to
synchronize the clocks of computer systems over a network.
A denial of service vulnerability is present in some versions of NTP
server. A flaw is present in the ntp_request.c in ntpd, which fails to
handle a crafted mode 7(MODE_PRIVATE)
request and replies with a mode 7 error response. Successful
exploitation could allow an attacker to cause a denial of service condition.

Common Vulnerabilities & Exposures (CVE) Link:
CVE-2009-3563
Affected System(s)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20131028/6fca2a00/attachment.html>


More information about the security mailing list