A remote denial of service vulnerability has been identified in NTP time servers from a leading UK supplier. Syslog monitor has identified Time Tools’ NTP Time Server Syslog Monitor 1.0 has being vulnerable.

Vulnerability Description: Windows NTP Time Server Syslog Monitor 1.0.000 is vulnerable to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Sending a specially crafted UDP Syslog request will cause the application to become unstable and stop responding.

Impact: A remote or local attacker can exploit this flaw by sending a specially crafted packet to the Syslog server. Successful exploitation of this flaw will cause the Syslog server process to crash preventing valid users or devices from using the service. The Syslog server will need to be restarted to resume normal Syslog server operations.

Users of Time Tools products should be aware of the vulnerability and act accordingly.

A remote denial of service vulnerability has been identified in NTP time servers from a leading UK supplier. Syslog monitor has identified Time Tools’ NTP Time Server Syslog Monitor 1.0 has being vulnerable.

Vulnerability Description: Windows NTP Time Server Syslog Monitor 1.0.000 is vulnerable to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Sending a specially crafted UDP Syslog request will cause the application to become unstable and stop responding.

Impact: A remote or local attacker can exploit this flaw by sending a specially crafted packet to the Syslog server. Successful exploitation of this flaw will cause the Syslog server process to crash preventing valid users or devices from using the service. The Syslog server will need to be restarted to resume normal Syslog server operations.

Users of Time Tools products should be aware of the vulnerability and act accordingly.

Sources:


http://www.securityfocus.com/bid/33290


http://packetstormsecurity.org/0901-advisories/winntp-dos.txt

Article from articlesbase.com