dos vulnerability | Breaking Cybersecurity News | The Hacker News

A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet. The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and improvements. The NTP daemon is used in almost every device that needs to synchronize time on computer clocks. NTP got the most attention in late 2014 and 2015 when hackers used it to launch highly amplified DDoS attacks against services. The flaw which affects NTP.org's nptd versions prior to 4.2.8p9, but not including ntp-4.3.94, has been discovered by security researcher Magnus Stubman, who privately disclosed it to the Network Time Foundation on June 24. A patch for the vulnerability was developed and sent to Stubman on 29th September and just two days later, the researcher acknowledged t...