vulnerability

RHSA-2016:0063: ntp security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 25, 2016	Jan 29, 2016	Oct 30, 2017

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 25, 2016

Added

Jan 29, 2016

Modified

Oct 30, 2017

Description

The Network Time Protocol (NTP) is used to synchronize a computer's timewith a referenced time source.It was discovered that ntpd as a client did not correctly check theoriginate timestamp in received packets. A remote attacker could use thisflaw to send a crafted packet to an ntpd client that would effectivelydisable synchronization with the server, or push arbitrary offset/delaymeasurements to modify the time on the client. (CVE-2015-8138)All ntp users are advised to upgrade to these updated packages, whichcontain a backported patch to resolve this issue. After installing theupdate, the ntpd daemon will restart automatically.

Solutions

redhat-upgrade-ntpredhat-upgrade-ntp-debuginforedhat-upgrade-ntp-docredhat-upgrade-ntp-perlredhat-upgrade-ntpdateredhat-upgrade-sntp

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today