VN-2015-009 – Multiple NTP Vulnerabilities

  • 2
  • Announcement
  • Updated 3 years ago
Multiple vulnerabilities have been found and fixed in the software that implements the Network Time Protocol (NTP). These vulnerabilities range from memory corruption issues to conditions in which attackers can force an NTP daemon to adjust the local clock setting to a value that is maliciously influenced through an authentication bypass vulnerability.
Extreme Networks has posted its assessment of these vulnerabilities, described by numerous CVEs.

More information can be found in this document.  It will be updated as more information is available.
Photo of Drew C.

Drew C., Community Manager

  • 39,442 Points 20k badge 2x thumb

Posted 3 years ago

  • 2
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Hi Drew,

I see that fix will be available for 15.5 and 15.7.
Do you have any plans to fix this in  15.6 ?

--
Jarek
Photo of Drew C.

Drew C., Community Manager

  • 39,442 Points 20k badge 2x thumb
Hi Jarek,
We're working on Rev3 of notice now and I've asked if we can get an answer to your question published with it.  If the updates are going in 15.5.5 and 15.7.3, I would imagine we can get it in a 15.6.x release as well.
Photo of Drew C.

Drew C., Community Manager

  • 39,442 Points 20k badge 2x thumb
The rev3 copy should be posted any minute now.  In it, you'll find that target fixes are now listed for EXOS 21.1, 16.2, 16.1.3, 15.7.3, 15.6.4, and 15.5.5.  Some of those actual release versions will be done as patches.

EDIT:  It has been posted now
(Edited)