Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
FYI...
Network Time Protocol update
- https://www.us-cert....col-Daemon-ntpd
Nov 21, 2016 - "The Network Time Foundation's NTP Project has released version ntp-4.2.8p9 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review Vulnerability Note VU#633847* and the NTP Security Notice Page** for vulnerability and mitigation details."
* http://www.kb.cert.org/vuls/id/633847
** http://nwtime.org/ntp428p9_release/
___
- http://www.securityt....com/id/1037354
CVE Reference: CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312
Nov 29 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 4.2.8p9 ...
Impact: A remote user can cause the target service to crash.
A remote user can obtain potentially sensitive information from the target system.
A remote user can conduct denial of service amplification attacks against other targets.
Solution: The vendor has issued a fix (4.2.8p9)...
Vendor URL: http://support.ntp.o..._4_2_8p9_NTP_Se
Edited by AplusWebMaster, 06 December 2016 - 04:21 AM.
