This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LEAP Second Security Vulnerability - Urgent - Attention please answer ASAP.

LEAP Second Security Vulnerability - Urgent - Attention please answer ASAP.

Paul11
Contributor

‎12-29-2016 01:28 PM

When do LEAP Second Security Vulnerability will happen again in end of December 2016???

Is Vulnerability or 2015 002 or any Leap Second going to happen end of this December 2016???

0 Kudos
25 REPLIES 25

Karthik_Mohando
Extreme Employee

‎12-30-2016 12:47 AM

Paul, That is correct, may be you have typo on the year. disable ntp at 23:59:00 PM, 30 Dec, 2016 UTC enable ntp at 23:59:00 PM, 1 Jan, 2017 UTC The leap second insertion would happen on December 31, 2016, at 23:59:60 UTC. would be fine.
0 Kudos

Paul11
Contributor
In response to Karthik_Mohando

‎12-30-2016 12:47 AM

One more thing, our setup

NTP is running as a NTP server on the X450a-24x firmware 15.3.3.5 patch1-6 windows server (NTP client) is getting NTP time from Extreme X450a.

we are not getting any NTP from outside. NTP Server is Exteme x450a.

Will this setup also effected leap second Vulnerable?

-----------------------
Thanks Karthik,

sorry to keep asking as i need to understand my setup and this vulnerability issue. sorry my typo. thanks for correcting me.

I am really appreciate on your help and valuable advice. this Exteme HUB is really awesome with strong technical guru.

Thanks again Karthik.
0 Kudos

Karthik_Mohando
Extreme Employee

‎12-29-2016 11:57 PM

Paul, The vulnerability does not depend on time zone if NTP module is present it can be affected. EXOS version older than EXOS 16.2.1, and 21.1.1 are affected. Here is an article for reference https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2015-002-Leap-Second If NTP module is present then disable ntp before 24 hours of the leap second insertion and Wait a day after the leap second and then re-enable NTP
0 Kudos

Paul11
Contributor
In response to Karthik_Mohando

‎12-29-2016 11:57 PM

One more thing, our setup

NTP is running as a NTP server on the X450a-24x firmware 15.3.3.5 patch1-6 windows server (NTP client) is getting NTP time from Extreme X450a.

we are not getting any NTP from outside. NTP Server is Exteme x450a.

Will this setup also effected leap second Vulnerable?

0 Kudos

Paul11
Contributor
In response to Karthik_Mohando

‎12-29-2016 11:57 PM

Thanks Karthik,

so i no need to care about timezone on the switch. as long as i have enable NTP. I should disable it as below?

disable ntp at 23:59:00 PM, 30 Dec, 2017
enable ntp at 23:59:0 PM, 1 January, 2017
0 Kudos
GTM-P2G8KFN