En

NTP官网安全更新(2019-03-07)

来源:NTP官网 发布日期:2019-03-07 阅读次数:363 评论:0

基本信息

发布日期:2019-03-07(官方当地时间)

更新类型:安全更新

更新版本:4.2.8

感知时间:2019-12-05 19:42:00

风险等级:未知

情报贡献:TSRC

更新标题

March 2019 ntp-4.2.8p13 NTP Release and Security Vulnerability Announcement

更新详情



The NTP Project at Network Time Foundation publicly released ntp-4.2.8p13 on Thursday, 07 March 2019.

This release fixes one security issue in ntpd:

MEDIUM: Sec 3565: Crafted null dereference attack from a trusted source with an authenticated mode 6 packet
A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets from, and must properly authenticate the packet with a private key that is specifically listed as being used for mode 6 authorization.
Reported by Magnus Stubman.



and provides 17 bugfixes and 1 other improvement.

ENotification of these issues were delivered to our Institutional members on a rolling basis as they were reported and as progress was made.

Timeline:
2019 Mar 07: Public release
2019 Feb 20: Release to Advance Security Partners
2019 Jan 16: Notification to Institutional Members
2019 Jan 15: Notification from reporter


软件描述

NTP是用来使计算机时间同步化的一种协议,它可以使计算机对其服务器或时钟源(如石英钟,GPS等等)做同步化,它可以提供高精准度的时间校正(LAN上与标准间差小于1毫秒,WAN上几十毫秒),且可介由加密确认的方式来防止恶毒的协议攻击。NTP的目的是在无序的Internet环境中提供精确和健壮的时间服务。

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入