You are here
NTP Vulnerabilities from October 2015
Submitted on 16. November 2015 - 11:58 by rischi.
Last update on 17. November 2015 - 10:39.
Last update on 17. November 2015 - 10:39.
IDs:
CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
Keywords:
ntp
Description:
In October 2015, NTP.org released a security advisory [1] detailing issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time.
Airlock WAF is not affected.
Details:
The following vulnerabilities do not affect Airlock WAF because:
- RHEL/CentOS 6 is not affected: CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7851, CVE-2015-7854, CVE-2015-7871
- Crypto directives are not used in the NTP configuration: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702
- the NTP configuration on Airlock WAF is trusted and can not be modified remotely: CVE-2015-7850
- ntpq and ntpdc queries are prevented (noquery option in NTP configuration): CVE-2015-7703, CVE-2015-7704, CVE-2015-7852, CVE-2015-7855
- Hardware clocks are trusted: CVE-2015-7853
Resolution:
no action is required
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
No action required