Friday, 23 October 2015

Vulnerabilities In Network Time Protocol (NTP) DoS Permit



In the Network Time Protocol (NTP) Multiple vulnerabilities have been identified that could allow attackers to systems that make use of NTP can cause a Denial of Service (DoS). NTP is a protocol that allows systems to synchronize the time for different services and applications.

It is present in network devices and embedded devices', as well as desktop and server operating systems, including Mac OS X, various Linux distributions and BSD-based systems. Decided last year to start the Linux Foundation on the occasion of the Heart Bleed vulnerability Core Infrastructure Initiative (CII) with the aim of securing popular open source projects on the Internet. Cisco is part of the CII and focuses on researching NTP.

Researchers at Cisco have a total of eight vulnerabilities discovered in NTP, which in ntp-4.2.8p4 been resolved. Also five other leaks are history. In addition to a Denial of Service are also bug fixes are causing memory corruption or path traversal were possible. The only vulnerability that is too general, according to the developers of NTP abuse is concerned a bug allowing attackers with NTP servers for DDoS attacks can deploy. In August, warned the FBI for DDoS attacks that uses the Network Time Protocol.

No comments:

Post a Comment