Re: NTP Vulnerability?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



https://access.redhat.com/security/cve/CVE-2014-9295

2014-12-20 4:42 GMT+02:00 listmail <listmail@xxxxxxxxxxxxx>:

> I just saw this:
>
> https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01
>
> which includes this:
> " A remote attacker can send a carefully crafted packet that can overflow a
> stack buffer and potentially allow malicious code to be executed with the
> privilege level of the ntpd process. All NTP4 releases before 4.2.8 are
> vulnerable."
>
> "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014."
>
> I guess no one has had time to respond yet. Wonder if I should shut down my
> external NTP services as a precaution?
>
> --Bill
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux