Data: CASIE
Negative Trigger
more
than
a
dozen
vulnerabilities
.
Experts
identified
Vulnerability-related.DiscoverVulnerability
a
total
of
16
security-related
issues
,
including
8
weaknesses
that
only
affect
Vulnerability-related.DiscoverVulnerability
NTP
and
two
that
only
impact
Vulnerability-related.DiscoverVulnerability
NTPsec
,
which
is
meant
to
be
a
secure
,
hardened
and
improved
implementation
of
NTP
.
Cure53
has
published
separate
reports
focusing
on
the
NTP
and
NTPsec
problems
.
The
Network
Time
Foundation
addressed
Vulnerability-related.PatchVulnerability
the
flaws
earlier
this
month
with
the
release
of
ntp-4.2.8p10
.
Cure53
has classified
Vulnerability-related.DiscoverVulnerability
one
vulnerability
as
being
critical
.
CVE-2017-6460
,
which
only
affects
Vulnerability-related.DiscoverVulnerability
NTP
,
has
been
described
Vulnerability-related.DiscoverVulnerability
as
a
stack-based
buffer
overflow
that
can
be
triggered
by
a
malicious
server
when
a
client
requests
the
restriction
list
.
The
flaw
can
be exploited
Vulnerability-related.DiscoverVulnerability
to
cause
a
crash
and
possibly
to
execute
arbitrary
code
.
The
security
holes
rated
Vulnerability-related.DiscoverVulnerability
by
Cure53
as
high
severity
are
CVE-2017-6463
and
CVE-2017-6464
,
both
of
which
can
be exploited
Vulnerability-related.DiscoverVulnerability
for
DoS
attacks
.
It
’
s
worth
noting
that
while
some
of
the
vulnerabilities
have been classified
Vulnerability-related.DiscoverVulnerability
as
critical
and
high
severity
by
Cure53
,
NTP
developers
have
only
assigned
Vulnerability-related.DiscoverVulnerability
medium
,
low
and
informational-level
severity
ratings
to
the
discovered
flaws
.
Ntp-4.2.8p10
patches
Vulnerability-related.PatchVulnerability
a
total
of
15
vulnerabilities
and
also
includes
just
as
many
non-security
fixes
and
improvements
.
Of
the
15
security
holes
resolved
Vulnerability-related.PatchVulnerability
in
the
latest
version
,
14
were discovered
Vulnerability-related.DiscoverVulnerability
by
Cure53
,
which
also
noticed
Vulnerability-related.DiscoverVulnerability
that
a
flaw
initially
patched
Vulnerability-related.PatchVulnerability
in
December
2014
was reintroduced
Vulnerability-related.DiscoverVulnerability
in
November
2016
.
One
of
the
vulnerabilities
fixed
Vulnerability-related.PatchVulnerability
in
ntp-4.2.8p10
was reported
Vulnerability-related.DiscoverVulnerability
by
researchers
at
Cisco
Talos
.
Experts
identified
Vulnerability-related.DiscoverVulnerability
a
DoS
vulnerability
affecting
Vulnerability-related.DiscoverVulnerability
the
origin
timestamp
check
functionality