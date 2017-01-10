Citrix: November 2016 NTP Advisory and NetScaler
In November 2016, the NTP project released an advisory that announced ten security issues (CVEs) of which one was rated high severity, and two were rated medium severity. This post addresses the impact of these CVEs against NetScaler.
NetScaler uses a secure default setting for the underlying NTP server, which avoids all of these issues in this advisory. NTP may be further configured from the NetScaler root shell at /nsconfig/ntp.conf to achieve any required settings. In doing so, be sure that the setting does not unsafely expose your appliance to these, or other existing vulnerabilities.
A breakdown of the CVEs from the November advisory follows:
CVE-2016-9312 – the only high severity CVE – does not impact NetScaler since it pertains to Windows systems only. NetScaler does not employ Windows.
CVE-2016-9311 – does not impact NetScaler as NTP on NetScaler does not enable traps, using the notrap qualifier.
CVE-2016-9310 – does not impact NetScaler since default settings ensure that incoming commands are restricted. Customers adding a new timeserver are recommended to add it as
Read the entire article here, November 2016 NTP Advisory and NetScaler
via the fine folks at Citrix Systems, Inc.
Follow @DABCC Follow @douglasabrown
White Papers
VMware: Modernizing your Virtualization Platform – Free Trend Brief
As the mobile-cloud era unfolds, IT organizations must keep pace with accelerating business expectations. But with more and more users to serve, endpoints to manage, and data to protect, in some cases those expectations are outpacing IT’s ability to stay in step. So, how do you close the gap when basic virtualization platforms can’t support […]
Share this:
Simple and Granular Data Protection for Microsoft SQL Server White Paper
What’s New in vSphere 6.5 White Paper
VMware App Volumes 2.12 Deployment Considerations White Paper
Tricerat Simplify Printing Datasheet