Cisco Systems, Inc. Information for VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function


Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

IOS is not vulnerable to the ntpdx exploit as it is posted to the Bugtraq. However, to be

on the safe side, we recommend that you include this line in your config:

ntp access-group serve-only

This will allow only time requests but ignore control queries.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.