This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VN-2015-009 – Multiple NTP Vulnerabilities

VN-2015-009 – Multiple NTP Vulnerabilities

Drew_C
Valued Contributor III

‎11-02-2015 07:55 PM

Multiple vulnerabilities have been found and fixed in the software that implements the Network Time Protocol (NTP). These vulnerabilities range from memory corruption issues to conditions in which attackers can force an NTP daemon to adjust the local clock setting to a value that is maliciously influenced through an authentication bypass vulnerability.
Extreme Networks has posted its assessment of these vulnerabilities, described by numerous CVEs.

More information can be found in this document. It will be updated as more information is available.
3 REPLIES 3

Jarek
New Contributor II

‎11-03-2015 08:27 AM

Hi Drew,

I see that fix will be available for 15.5 and 15.7.
Do you have any plans to fix this in 15.6 ?

--
Jarek

0 Kudos

Drew_C
Valued Contributor III
In response to Jarek

‎11-03-2015 08:27 AM

The rev3 copy should be posted any minute now. In it, you'll find that target fixes are now listed for EXOS 21.1, 16.2, 16.1.3, 15.7.3, 15.6.4, and 15.5.5. Some of those actual release versions will be done as patches.

EDIT: It has been posted now
0 Kudos

Drew_C
Valued Contributor III
In response to Jarek

‎11-03-2015 08:27 AM

Hi Jarek,
We're working on Rev3 of notice now and I've asked if we can get an answer to your question published with it. If the updates are going in 15.5.5 and 15.7.3, I would imagine we can get it in a 15.6.x release as well.
0 Kudos
GTM-P2G8KFN