嚴重性: 緊急

  描述

An arbitrary file overwrite vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to NTPD allowing remote clients to change the pidfile and driftfile configuration options to any arbitrary file, allowing any file on the target system to be overwritten. A remote, authenticated attacker can exploit this vulnerability by sending a crafted NTP request to the vulnerable service. Successful exploitation can cause the NTP process to write the drift value or the pid value to an arbitrary file. This can lead to data corruption or denial-of-service on the target system.

  資訊暴露評比:

Apply associated Trend Micro DPI Rules.

  解決方案

  Trend Micro Deep Security DPI Rule Number: 1007383