F5 Networks BIG-IP : NTP vulnerability (K17516)
Medium Nessus Plugin ID 88815
SynopsisThe remote device is missing a vendor-supplied security patch.
Descriptionntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. (CVE-2015-7852)
While the scope of the impact is limited, an attacker may be able to craft response packets that cause ntpq to exit. There is no data plane exposure for the BIG-IP system, and this issue can only be exposed when an instance of ntpq is running in interactive mode.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K17516.