Wind River Support Network

HomeDefectsLIN6-10451
Fixed

LIN6-10451 : Security Advisory - ntp - CVE-2015-7705

Created: Oct 22, 2015    Updated: Dec 3, 2018
Resolved Date: Nov 24, 2015
Previous ID: LIN4-33111
Found In Version: 6.0.0.25
Fix Version: 6.0.0.27
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

A flaw was found in the way NTP handled rate limiting. An attacker able to send a large number of crafted requests to an NTP server could trigger the rate limiting on that server, and prevent clients from getting a usable reply from the server.

The default NTP configuration in Red Hat Enterprise Linux does not enable rate limiting.

External References:

https://www.cs.bu.edu/~goldbe/NTPattack.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705

Other Downloads


Live chat
Online