The NTP (network time protocol) vulnerability is a security flaw in the standard implementation of the network time protocol (NTP) that can be exploited to compromise servers and devices that run UNIX-like operating systems.
This vulnerability has the CVE ID CVE-2014-9295.
Impact: Synthetic Monitoring is affected.
Details
You may be aware of the news related to a security flaw in the standard implementation of the network time protocol (NTP) that can be exploited to compromise servers and devices that run UNIX-like operating systems. Machines running a vulnerable version of the NTP daemon (nptd) could be impacted.
This vulnerability has the National Cyber Awareness System tracking ID CVE-2014-9295 and is causing companies to patch affected systems. We have evaluated the Dynatrace Synthetic Monitoring system and listed its vulnerability status below.
| Component | Affected | Description |
|---|---|---|
| Backbone Node Network Private Agent Node Network Last Mile Peer Network Private Last Mile Peer Network Streaming Node Network Mobile Node Network |
No | These networks are all Microsoft Windows based, so are not affected by this vulnerability. |
| Web Load Testing | Yes | Web Load Testing is run on Linux servers. These servers are not able to accept an external NTP request so are at low risk to this vulnerability. As a precaution, we are updating the NTP daemon software on these servers as patches become available. |
| Web Services | No | Web Services is Microsoft Windows based so it is not affected by this vulnerability. |
| GPN Portal | No | The GPN Portal is Microsoft Windows based so it is not affected by this vulnerability. |
| Dynatrace Portal | Yes | The Dynatrace Portal is run on Linux servers. These servers are not able to accept an external NTP request so are at low risk to this vulnerability. As a precaution, we are updating the NTP daemon software on these servers as patches become available. |