Bug 1331467 (CVE-2016-2517)
Summary: | CVE-2016-2517 ntp: certain remote configuration values not properly validated | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | jaeshin, mdshaikh, mlichvar, sardella, slawomir |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ntp 4.2.8p7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-05-02 12:51:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1332160 | ||
Bug Blocks: | 1331437 |
Description
Martin Prpič
2016-04-28 14:53:12 UTC
Created ntp tracking bugs for this issue: Affects: fedora-all [bug 1332160] Statement: Red Hat Product Security does not consider this to be a security issue. An authenticated user could use various other means to disable access to an NTP server (for example, using the 'restrict' command). To mitigate this issue, disable remote configuration of NTP, or restrict this ability to trusted users. |