Security Vulnerabilities

Network Time Protocol Daemon (ntpd) Vulnerabilities in NetApp Products

Duncan 2188 Views 0 Comments 1 min read

Advisory ID: NTAP-20171031-0001

Version: 1.0

Last updated: 31.10.2017

Status: Interim.

CVEs: CVE-2015-7979, CVE-2015-7973, CVE-2015-7974, CVE-2015-8158, CVE-2015-8138, CVE-2015-7978, CVE-2015-7977, CVE-2015-7976, CVE-2015-7975

Multiple NetApp products contain the Network Time Protocol daemon (ntpd). The Open NTP project (www.ntp.org) has released a Security Notice regarding some vulnerabilities that affect versions before ntp-4.2.8p6. These vulnerabilities could allow attackers to bypass security restrictions, conduct spoofing attacks, cause a denial of service or gain unauthorized access to the system.

Impact

Exploitation of these vulnerabilities could allow attackers to bypass security restrictions, conduct spoofing attacks, cause a denial of service or gain unauthorized access to the system.

Affected Products

  • Clustered Data ONTAP
  • Data ONTAP operating in 7-Mode
  • OnCommand Balance

Obtaining Software Fixes

Software fixes will be made available through the NetApp Support website in the Software Download section.

https://mysupport.netapp.com/NOW/cgi-bin/software/

Customers who do not have access to the Support website should contact Technical Support at the number below to obtain the patches.




Image result for netapp fas

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.