Network Time Protocol Daemon (ntpd) Information Disclosure

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote NTP server is affected by an information disclosure
vulnerability.

Description :

The remote NTP server is affected by an information disclosure
vulnerability due to improper validation of the 'vallen' value in
extension fields in 'ntp_crypto.c'. This allows a remote attacker to
disclose sensitive information.
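
A bounds check of the kind this bug class calls for, as an added example (not ntpd's code and not the 4.2.8p1 patch). It assumes the Autokey extension field layout from RFC 5906 and handles only fields that carry a value; the names ef_parse, ef_view and ef_demo are hypothetical, and the sample field is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes before the value: type(2) length(2) assoc ID(4) timestamp(4) filestamp(4) vallen(4). */
#define EF_HDR_LEN 20u

enum ef_status { EF_OK, EF_TRUNCATED, EF_BAD_LENGTH, EF_BAD_VALLEN, EF_BAD_SIGLEN };
struct ef_view { const uint8_t *value, *sig; uint32_t vallen, siglen; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Validate one value-carrying extension field held in buf[0..avail). */
enum ef_status ef_parse(const uint8_t *buf, size_t avail, struct ef_view *out) {
    if (avail < EF_HDR_LEN) return EF_TRUNCATED;
    size_t len = ((size_t)buf[2] << 8) | buf[3];       /* sender-declared field length */
    if (len < EF_HDR_LEN || (len & 3) || len > avail) return EF_BAD_LENGTH;

    size_t room = len - EF_HDR_LEN;                    /* bytes really present after vallen */
    uint32_t vallen = be32(buf + 16);                  /* untrusted, full 32-bit range */
    if (vallen > room) return EF_BAD_VALLEN;           /* compare before any arithmetic on it */
    size_t padded = ((size_t)vallen + 3) & ~(size_t)3; /* value is padded to 32 bits */
    out->value = buf + EF_HDR_LEN; out->vallen = vallen;
    out->sig = NULL; out->siglen = 0;
    room -= padded;
    if (room >= 4) {                                   /* optional signature length + data */
        uint32_t siglen = be32(buf + EF_HDR_LEN + padded);
        if (siglen > room - 4) return EF_BAD_SIGLEN;
        out->sig = buf + EF_HDR_LEN + padded + 4; out->siglen = siglen;
    }
    return EF_OK;
}

/* Constructed sample: 32-byte field (type left zero) with the vallen/siglen a sender claims. */
enum ef_status ef_demo(uint32_t vallen, uint32_t siglen) {
    uint8_t f[32] = {0};
    struct ef_view v;
    f[3] = sizeof f;
    f[16] = (uint8_t)(vallen >> 24); f[17] = (uint8_t)(vallen >> 16);
    f[18] = (uint8_t)(vallen >> 8);  f[19] = (uint8_t)vallen;
    f[24] = (uint8_t)(siglen >> 24); f[25] = (uint8_t)(siglen >> 16);
    f[26] = (uint8_t)(siglen >> 8);  f[27] = (uint8_t)siglen;
    return ef_parse(f, sizeof f, &v);
}

int main(void) {
    printf("%d %d %d\n", ef_demo(4, 4), ef_demo(0x10000, 4), ef_demo(4, 5));
    return 0;
}
```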

Note that this plugin requires both the scanner IP and target IP to
not go through Network Address Translation (NAT) when communicating
with each other.

See also :

http://support.ntp.org/bin/view/Main/SecurityNotice

Solution :

Upgrade to NTP version 4.2.8p1 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Misc.

Nessus Plugin ID: 84288

Bugtraq ID: 72583

CVE ID: CVE-2014-9297
