cancel
Showing results for 
Search instead for 
Did you mean: 

VN-2015-009 – Multiple NTP Vulnerabilities

VN-2015-009 – Multiple NTP Vulnerabilities

Drew_C
Valued Contributor III
Multiple vulnerabilities have been found and fixed in the software that implements the Network Time Protocol (NTP). These vulnerabilities range from memory corruption issues to conditions in which attackers can force an NTP daemon to adjust the local clock setting to a value that is maliciously influenced through an authentication bypass vulnerability.
Extreme Networks has posted its assessment of these vulnerabilities, described by numerous CVEs.

More information can be found in this document. It will be updated as more information is available.
3 REPLIES 3

Jarek
New Contributor II
Hi Drew,

I see that fix will be available for 15.5 and 15.7.
Do you have any plans to fix this in 15.6 ?

--
Jarek

Drew_C
Valued Contributor III
The rev3 copy should be posted any minute now. In it, you'll find that target fixes are now listed for EXOS 21.1, 16.2, 16.1.3, 15.7.3, 15.6.4, and 15.5.5. Some of those actual release versions will be done as patches.

EDIT: It has been posted now

Drew_C
Valued Contributor III
Hi Jarek,
We're working on Rev3 of notice now and I've asked if we can get an answer to your question published with it. If the updates are going in 15.5.5 and 15.7.3, I would imagine we can get it in a 15.6.x release as well.
GTM-P2G8KFN