NTP Is The Latest Project Struck By Security Issues
The latest open-source project being exposed to a number of security vulnerabilities is NTP, the Network Time Protocol.
Now public via the ICS-CERT after the discoveries were made by the Google Security Team are multiple vulnerabilities with the widely-used NTP. These vulnerabilities could lead to arbitrary code execution with the same privileges as the NTP daemon. These vulnerabilities can be exploited remotely and the ICS-CERT characterizes them as requiring low skills to exploit.
Among the Network Time Protocol vulnerabilities are insufficient entropy, use of cryptographically weak PNRG, stack-based buffer overflows, and missing returns on errors.
More details on the NTP vulnerabilities can be found via US-CERT.gov.
Now public via the ICS-CERT after the discoveries were made by the Google Security Team are multiple vulnerabilities with the widely-used NTP. These vulnerabilities could lead to arbitrary code execution with the same privileges as the NTP daemon. These vulnerabilities can be exploited remotely and the ICS-CERT characterizes them as requiring low skills to exploit.
Among the Network Time Protocol vulnerabilities are insufficient entropy, use of cryptographically weak PNRG, stack-based buffer overflows, and missing returns on errors.
More details on the NTP vulnerabilities can be found via US-CERT.gov.
12 Comments