[CentOS] NTP Vulnerability?

listmail

listmail at entertech.com
Sat Dec 20 02:42:04 UTC 2014


I just saw this:

https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01

which includes this:
"A remote attacker can send a carefully crafted packet that can overflow a
stack buffer and potentially allow malicious code to be executed with the
privilege level of the ntpd process. All NTP4 releases before 4.2.8 are
vulnerable."

"This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014."

I guess no one has had time to respond yet. Wonder if I should shut down my
external NTP services as a precaution?

--Bill


