NTP vulnerabilities

RouterOS General
1

NTP vuln is pretty widespread with many vendors, but how each responds to it is what separates the men from the boys.

The 6.25 rc changelog says it fixes NTP vulnerabilities. Does that mean all previous versions have vulnerabilities? Please share more.

An ideal thing for MT to do would be say “this is a vulnerability, please work around with this firewall rule. It affects versions a,b,c… We’re working on a software update.”

2

I just didn’t update…

hope there would be no problem with that :smiley:

3

Fix was released in December: http://forum.mikrotik.com/t/for-vu-852879-of-ntpd/83923/1

RouterOS all versions are only affected by the buffer overflow problem, but if you have default config, your public interface already has firewall.