Submission + - Serious flaws in NTP (the application, not the protocol) need to be patched 3
hawkinspeter writes: A new set of vulnerabilities with the most common NTP daemon have been discovered by Google security researchers. There exist public exploits that target these flaws, so it's recommended to patch to version 4.2.8 (or switch to openntp which doesn't have the same issues) immediately. This is especially problematic for those systems that run ntpd with root privileges as a single carefully crafted packet can allow access at the privilege level of the process. This was reported by ZDNet a few days ago and I have yet to see the Ubuntu patches for this, but it looks like Red Hat are on top of things.