Network Time Protocol Daemon (ntpd) Vulnerabilities in NetApp Products
Multiple NetApp products contain the Network Time Protocol daemon (ntpd). The Open NTP project (www.ntp.org) has released a Security Notice regarding some vulnerabilities that affect versions before ntp-4.2.8p6. These vulnerabilities could allow attackers to bypass security restrictions, conduct spoofing attacks, cause a denial of service or gain unauthorized access to the system.
Impact
Exploitation of these vulnerabilities could allow attackers to bypass security restrictions, conduct spoofing attacks, cause a denial of service or gain unauthorized access to the system.
Affected Products
- Clustered Data ONTAP
- Data ONTAP operating in 7-Mode
- OnCommand Balance
Obtaining Software Fixes
Software fixes will be made available through the NetApp Support website in the Software Download section.
https://mysupport.netapp.com/NOW/cgi-bin/software/
Customers who do not have access to the Support website should contact Technical Support at the number below to obtain the patches.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.