This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Security Fix(es) :
- It was found that when ntp is configured with rate
limiting for all associations, the limits are also
applied to responses received from its configured
sources. A remote attacker who knows the sources can
cause a denial of service by preventing ntpd from
accepting valid responses from its sources.
- A flaw was found in the control mode functionality of
ntpd. A remote attacker could send a crafted control
mode packet which could lead to information disclosure
or result in DDoS amplification attacks. (CVE-2016-9310)
- A flaw was found in the way ntpd implemented the trap
service. A remote attacker could send a specially
crafted packet to cause a NULL pointer dereference that
will crash ntpd, resulting in a denial of service.
- A flaw was found in the way ntpd running on a host with
multiple network interfaces handled certain server
responses. A remote attacker could use this flaw to
cause ntpd to not synchronize with the source.
- A flaw was found in the way ntpd calculated the root
delay. A remote attacker could send a specially crafted
spoofed packet to cause a denial of service or, in some
special cases, even a crash. (CVE-2016-7433)
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.1
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 97039