[j-nsp] ntpd vulnerability

Jean Benoit jean at unistra.fr
Mon Dec 29 03:41:23 EST 2014


On Wed, Dec 24, 2014 at 01:30:15PM +0200, Ivan Ivanov wrote:
> > On Tue, Dec 23, 2014 at 5:01 PM, Jean Benoit <jean at unistra.fr> wrote:
> > Does anyone know if Juniper has issued a patched version
> > of JunOS for the following vulnerabilities in ntpd ?
>
> Check this out!
> https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR931184

Though the PR was updated recently, the vulnerability description
does not match the issue I am worrying about.
The description refers to the 1-year-old NTP amplification attack based
on the ntp monlist command (CVE-2013-5211).
CVE-2014-9295 is a completely unrelated issue. Of course, the same mitigation
technique could be applied (filtering the source address).
By the way, Cisco acknowledged the vulnerability exists, but hasn't issued
any fix as of December 29:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

--
Jean Benoit
Université de Strasbourg

