BSA-2017-219
21546
31 March 2017
31 March 2017
Closed
Low
3.0
N/A
CVE-2016-9310
Summary
Security Advisory ID : BSA-2017-219
Component : ntp
Revision : 1.0: Interim
An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, "restrict default noquery ..." is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.
Affected Products
Product | Current Assessment |
---|---|
Brocade 5400 vRouter | Impacted: Fixed in 6.7R13. |
Brocade Services Director | Impacted: Fixed in 17.1 and later. |
Products Confirmed Not Vulnerable
Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network Advisor, Brocade Network OS, Brocade SDN Controller, Brocade ServerIron ADX, Brocade SLX-OS, Brocade Virtual ADX, BrocadeVirtual Traffic Manager: Software, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | March 31, 2017 |