This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote EulerOS host is missing multiple security updates.
According to the versions of the ntp packages installed, the EulerOS
installation on the remote host is affected by the following
- It was found that when ntp is configured with rate
limiting for all associations the limits are also
applied to responses received from its configured
sources. A remote attacker who knows the sources can
cause a denial of service by preventing ntpd from
accepting valid responses from its sources.
- A flaw was found in the control mode functionality of
ntpd. A remote attacker could send a crafted control
mode packet which could lead to information disclosure
or result in DDoS amplification attacks.
- A flaw was found in the way ntpd implemented the trap
service. A remote attacker could send a specially
crafted packet to cause a null pointer dereference that
will crash ntpd, resulting in a denial of service.
- A flaw was found in the way ntpd running on a host with
multiple network interfaces handled certain server
responses. A remote attacker could use this flaw which
would cause ntpd to not synchronize with the source.
- A flaw was found in the way ntpd calculated the root
delay. A remote attacker could send a specially-crafted
spoofed packet to cause denial of service or in some
special cases even crash. (CVE-2016-7433)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
See also :
Update the affected ntp packages.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true