Meinberg Funkuhren GmbH & Co. KG Information for VU#568372

NTP mode 7 denial-of-service vulnerability

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

we announced on Friday that our LANTIME NTP Time Server Appliances are affected as well:

http://www.meinberg.de/english/news/lantime-firmware-update-ntp-security-problem-with-mode-7-packets.htm

Additionally, Meinberg provides an easy-to-use Windows installer for the reference implementation of NTP, i.e. we created an installer that installs the original ntpd from ntp.org on Windows machines. We also updated this installer to include 4.2.4p8 and nicknamed it "lennon" (in memory of the death of John Lennon, wo died on December 8th - the day when this vulnerability has been announced.

http://www.meinberg.de/english/news/software-new-ntp-version-for-windows-4-2-4p8-security-update.htm

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.