Wind River Support Network

HomeDefectsLIN7-7033

Fixed

LIN7-7033 : Security Advisory - ntp - CVE-2016-9310

Created: Nov 21, 2016 Updated: Sep 8, 2018

Resolved Date: Nov 24, 2016

Found In Version: 7.0

Fix Version: 7.0.0.22

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, "restrict default noquery ..." is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability. 

http://support.ntp.org/bin/view/Main/NtpBug3118
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9310

Other Downloads

Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2016-9310