CVE-2017-6464 ntp: Denial of Service via malformed config

Unitrends
Backup
General

CVE ID

CVE-2017-6464

DESCRIPTION

A vulnerability was discovered in the NTP server's parsing of configuration
directives. A remote, authenticated attacker could cause ntpd to crash by
sending a crafted message.

CVSS3 Base Score 5.3

Related CVEs: CVE-2017-6463, CVE-2017-6462

RESOLUTION

Fixed in latest Unitrends security update with
ntp-4.2.6p5-12.el6.centos.1

LINK TO ADVISORIES

https://nvd.nist.gov/vuln/detail/CVE-2017-6464 https://access.redhat.com/security/cve/cve-2017-6464 https://access.redhat.com/security/cve/cve-2017-6463 https://access.redhat.com/security/cve/cve-2017-6462

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Contact us

Browse this section

How to upgrade the appliance via Unitrends' media (Air Gap / Offline updates)
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.3
How to disable an unused network interface to prevent conflict or accidental routing.
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.2
CBTDriverError:uvbCbtSnapshotCreationStarted <CBT_CTL_DUPLICATE_SNAPSHOT_CREATE>
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.1
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5
UnitrendsMSP: Remove appliance
Steps to perform post a successful migration steps on CentOS6 UB (CentOS6 to CentOS7)
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.4.11