Articles by KENNETH

USN-3096-1: NTP vulnerabilities Ubuntu Security Notice USN-3096-1 5th October, 2016 ntp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in NTP. Software description ntp – Network Time Protocol daemon and utility programs Details Aanchal Malhotra discovered that NTP incorrectly handled authenticatedbroadcast mode. A remote attacker could use this issue to perform a replayattack. (CVE-2015-7973) Matt Street discovered that NTP incorrectly verified peer associations ofsymmetric keys. A remote attacker could use this issue to perform animpersonation attack. (CVE-2015-7974) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handledmemory. An attacker could possibly use this issue to cause ntpq to crash,resulting in a denial of service. This issue only affected Ubuntu 16.04LTS. (CVE-2015-7975) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handleddangerous [ more… ]