CVE-2016-9311 Cisco Nexus Network Time Protocol Daemon Multiple Vulnerabilities (cisco-sa-20161123-ntpd)

2016年12月8日 1283点热度 0人点赞 0条评论

漏洞类别：Cisco

漏洞等级：

漏洞信息

Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Following vulnerabilities exists in NTP :-
Network Time Protocol Trap Service Denial of Service Vulnerability
Network Time Protocol Broadcast Mode Denial of Service Vulnerability
Network Time Protocol Broadcast Mode Denial of Service Vulnerability
Network Time Protocol Insufficient Resource Pool Denial of Service Vulnerability
Network Time Protocol Configuration Modification Denial of Service Vulnerability
Network Time Protocol mrulist Query Requests Denial of Service Vulnerability
Network Time Protocol Multiple Binds to the Same Port Vulnerability
Network Time Protocol Rate Limiting Denial of Service Vulnerability

漏洞危害

Successful exploitation could allow an unauthenticated, remote attacker to cause a denial of service condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

解决方案

Refer to Cisco advisory cisco-sa-20161123-ntpd for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

cisco-sa-20161123-ntpd: Cisco Nexus 7000

0day

CVE-2016-9311 Cisco Nexus Network Time Protocol Daemon Multiple Vulnerabilities (cisco-sa-20161123-ntpd)

文章评论