[ntp:security] VMware ESXi 4
Hitesh Rajgor
indprem2002 at gmail.com
Mon Oct 28 13:19:01 UTC 2013
Hi ,
After running the VA scanning on VMware ESXi 4 below Ntp version upgrade
is required.
Kindly help us to update the same.
Our current version is Ver.4.2.4p6
System Criticality Operating System
None VMware ESXi 4
NTP Mode 7 Request Denial Of Service Vulnerability [FID 10796] 6.4 Medium
Description:
A denial of service vulnerability is present in some versions of NTP server.
Recommendation:
Upgrade to NTP version 4.2.4p8 or later available at :
http://www.ntp.org/
Observation:
Network Time Protocol (NTP) is a UDP-based network protocol used to
synchronize the clocks of computer systems over a network.
A denial of service vulnerability is present in some versions of NTP
server. A flaw is present in the ntp_request.c in ntpd, which fails to
handle a crafted mode 7(MODE_PRIVATE)
request and replies with a mode 7 error response. Successful
exploitation could allow an attacker to cause a denial of service condition.
Common Vulnerabilities & Exposures (CVE) Link:
CVE-2009-3563
Affected System(s)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20131028/6fca2a00/attachment.html>
More information about the security
mailing list