Vulnerability & Exploit Database

Back to search

RHSA-2015:2520: ntp security update

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) November 26, 2015 November 27, 2015 October 30, 2017

Description

The Network Time Protocol (NTP) is used to synchronize a computer's timewith a referenced time source.It was discovered that ntpd as a client did not correctly check timestampsin Kiss-of-Death packets. A remote attacker could use this flaw to send acrafted Kiss-of-Death packet to an ntpd client that would increase theclient's polling interval value, and effectively disable synchronizationwith the server. (CVE-2015-7704)Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and SharonGoldberg of Boston University for reporting this issue.All ntp users are advised to upgrade to these updated packages, whichcontain a backported patch to resolve this issue. After installing theupdate, the ntpd daemon will restart automatically.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

redhat-upgrade-ntp

Related Vulnerabilities