Software: New NTP-Version 4.2.4p7 for Windows - Security Update
|
|
|
|
Following the release of NTP 4.2.4p7 by the NTP Public Services Project, Meinberg Funkuhren today updated their NTP Installer for Windows NT4 SP6a, Windows 2000, Windows XP, Windows 2003 Server, Windows Vista and Windows 2008 Server and offers it on their NTP Download page.
|
The new "stable" version of the NTP reference implementation includes fixes for a number of security-relevant bugs:
- [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
Credit for finding this vulnerability goes to Geoff Keating of Apple.
Bug 1144
- [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
Credit for finding this issue goes to Dave Hart.
Bug 1149
- [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
Bug 1151
Additionally, a number of small improvements and optimizations for Windows systems have been added to this point release. Updating existing installations is therefore highly recommended.
|
|
