NTP prior to 4.2.8 vulnerable

Tracy Perry

Well-known member
From support.ntp.org (figure most admins know about this already but several folks that run servers don't keep up with it nor update their server/VPS regularly).

NTF's NTP Project has been notified of a number of vulnerabilities from Neel Mehta and Stephen Roettger of Google's Security Team. The two most serious of these issues and four less serious issues have been resolved as of ntp-4.2.8, which was released on 18 December 2014. There are still two less significant issues to be addressed. We're expecting to fix these within the next month.

And from that wonderful ZDNet publication a scare you article.

Main thing is.. if you use NTP and you haven't updated your VPS/Dedi, I'd suggest doing so.