|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Cisco - Cisco Security Advisory: NTP Vulnerability
FYI.. http://www.cisco.com/warp/public/707/NTP-pub.shtml By sending a crafted NTP query packet it is possible to trigger a buffer overflow in the NTP daemon. This vulnerability can be exploited remotely. The successful exploitation may cause arbitrary code to be executed on the target machine. Such exploitation, if it is possible at all, would require significant engineering skill and a thorough knowledge of the internal operation of Cisco IOS software or SUN Solaris operating system. To the best of our knowledge this vulnerability cannot cause arbitrary code to be executed on Cisco IOS and SUN Solaris. The vulnerability is present regardless of the role played by the device. The device may be an NTP server or client and it will still be vulnerable. For IOS, this vulnerability is documented as Cisco Bug ID CSCdt93866
|