Preview Tool

Cisco Bug: CSCsz81226 - Update NTPd version in Meeting Place

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Unified MeetingPlace

Known Affected Releases

5.3(1.15) 5.4(19) 6.0(1.12)

Description (partial)

Upgrade version of NTPd used within this product.

Upgrade version of NTPd to ensure fixes for:

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c
in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute
arbitrary code via a crafted response. 

An insecure "sprintf()" call in the "crypto_recv()" [ntpd/ntp_crypto.c]
function when ntpd was compiled with OpenSSL support and is configured
to use Autokey (enabled via a "crypto pw password" line in the ntp.conf
file), could be exploited by attackers to crash an affected daemon or
execute arbitrary code via a malicious packet.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.