Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

ICS-CERT: Remote Code Execution Flaw, Network Time Protocol

December 22, 2014 by Marc Handelman in All is Information, Compute Infrastructure, Computer Science, Information Security, TCP/IP Internetworking, Web Security, Time, Network Protocols

Reports of newly discovered targeted attack code harshed our collective holiday mellow late last week, with the notification via the ICS CERT of flaws in the Network Time Protocol (in this case, prior to NTP version 4.2.8). The NTP 4.28 tarball is here, for folks that need to update their NTP deployments.

"NTP users are strongly urged to take immediate action to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see the NTP Security Notice for vulnerability and mitigation details, and the Network Time Foundation Blog for more information. (January 2014) " - via NTP.org

 

December 22, 2014 /Marc Handelman
All is Information, Compute Infrastructure, Computer Science, Information Security, TCP/IP Internetworking, Web Security, Time, Network Protocols
  • Newer
  • Older