NTP Is The Latest Project Struck By Security Issues
Written by Michael Larabel in Linux Security on 22 December 2014 at 09:50 AM EST. 12 Comments
LINUX SECURITY --
The latest open-source project being exposed to a number of security vulnerabilities is NTP, the Network Time Protocol.

Now public via the ICS-CERT after the discoveries were made by the Google Security Team are multiple vulnerabilities with the widely-used NTP. These vulnerabilities could lead to arbitrary code execution with the same privileges as the NTP daemon. These vulnerabilities can be exploited remotely and the ICS-CERT characterizes them as requiring low skills to exploit.

Among the Network Time Protocol vulnerabilities are insufficient entropy, use of cryptographically weak PNRG, stack-based buffer overflows, and missing returns on errors.

More details on the NTP vulnerabilities can be found via US-CERT.gov.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week