漏洞类别:General remote services
漏洞等级: 
漏洞信息
The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.
This update fixes the following vulnerabilities:
- Trap crash. (CVE-2016-9311)
- Mode 6 unauthenticated trap information disclosure and DDoS vector. (CVE-2016-9310)
- Broadcast Mode Replay Prevention DoS. (CVE-2016-7427)
- Broadcast Mode Poll Interval Enforcement DoS. (CVE-2016-7428)
- Windows: ntpd DoS by oversized UDP packet. (CVE-2016-9312)
- Regression: 010-origin: Zero Origin Timestamp Bypass. (CVE-2016-7431)
- Null pointer dereference in _IO_str_init_static_internal(). (CVE-2016-7434)
- Interface selection attack. (CVE-2016-7429)
- Client rate limiting and server responses. (CVE-2016-7426)
- Reboot sync calculation problem. (CVE-2016-7433)
Affected Versions:
NTP versions prior to 4.2.8p9
漏洞危害
A remote unauthenticated attacker may be able to perform a denial of service on targeted system.
解决方案
User are advised to upgrade to the 4.2.8p9 or later version to fix the issues. Latest version can be downloaded from here
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论