Nexpose Vulnerability Database
NTP clock variables information disclosure
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Moderate (1) | 0.0 (AV:N/AC:L/Au:N/C:N/I:N/A:N) | May 6, 2009 | Apr 1, 2011 | Apr 1, 2011 |
Description:
This sytem allows the internal NTP variables to be queried. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers, and more.
Solution:
- Disable NTP readvar queries
Apply a restrict option to all hosts that are not authorized to perform NTP readvar queries. For example, to deny readvar requests from all clients, put the following in the NTP configuration file, typically /etc/ntp.conf, and restart the NTP service:
restrict default mask 0.0.0.0 noquery -
Cisco
Restrict NTP readvar queriesApply an ACL that restricts NTP readvar queries from unauthorized clients, as described in the 'Configuring NTP Access Restrictions' section of the Cisco IOS documentation.
Alternatively, if NTP is not required, disable it entirely by running the following command:
ntp disable
Information on these pages is summary information extracted from the Nexpose Vulnerabilty Assessment system. Full details are provided within the Nexpose product for licensed users.
