Jump to content


Photo

NTP Project ntpd reference implementation contains multiple vulnerabilities

CVE-2015-1798 CVE-2015-1799 NTPD VU#374268

  • Please log in to reply
No replies to this topic

#1 Dave Farrow

Dave Farrow

    PSIRT

  • Moderators
  • 33 posts

Posted 13 April 2015 - 08:03 PM

On April 7, 2015, CERT released Vulnerability Note VU#374268 related to two NTP vulnerabilities: CVE-2015-1798 and CVE-2015-1799

We have investigated the report and determined that the following Barracuda products do not run NTPD and therefore are not vulnerable to these issues:

* Barracuda Spam Firewall
* Barracuda Web Filter
* Barracuda Message Archiver
* Barracuda Load Balancer
* Barracuda Load Balancer ADC
* Barracuda Web Application Firewall

The following Barracuda products are using NTPD but are configured in such as way as to not be vulnerable to the reported issues:

* Barracuda NG Firewall
* Barracuda Firewall
* Barracuda Backup Server