RHSA-2001:045: Network Time Daemon (ntpd) has potential remote root exploit
Description
The Network Time Daemon (ntpd) supplied with all releases of Red Hat Linux is vulnerable to a buffer overflow, allowing a remote attacker to potentially gain root level access to a machine. All users of ntpd are strongly encouraged to upgrade.
The Network Time Daemon (xntpd on Red Hat Linux 6.2 and earlier, ntpd on Red Hat Linux 7.0) does not properly check the size of a buffer used to hold incoming data from the network. Potentially, an attacker could gain root access by exploiting this weakness. Potential damage is mitigated by the fact that the Network Time Daemon is not enabled by default. If you are not using network time services, it may not even be installed. As a general rule, Red Hat encourages users to enable only those network services they actually need.
Solution(s)
- redhat-upgrade-ntp
- redhat-upgrade-xntp3
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center