| CVE編號 | CVE-2016-3962、CVE-2016-3988、CVE-2016-3989 |
|---|---|
| 影響產品 | •IMS-LANTIME M3000 Version 6.0 and earlier, •IMS-LANTIME M1000 Version 6.0 and earlier, •IMS-LANTIME M500 Version 6.0 and earlier, •LANTIME M900 Version 6.0 and earlier, •LANTIME M600 Version 6.0 and earlier, •LANTIME M400 Version 6.0 and earlier, •LANTIME M300 Version 6.0 and earlier, •LANTIME M200 Version 6.0 and earlier, •LANTIME M100 Version 6.0 and earlier, •SyncFire 1100 Version 6.0 and earlier, and •LCES Version 6.0 and earlier. |
| 解決辦法 | •原廠發佈安全更新連結,請參考使用版本進行更新 https://urldefense.proofpoint.com/v2/url?u=http-3A__www.meinberg.de_download_firmware_lantime_v6_firmware-2D6.20.004-2Dx86.rel&d=BQIFaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=zE5lG3CZZIbdBvT6slVAzQ&m=n4ZBSsrF-RphS7eiqohm3WcJ2BYQUCwQUHwVPHNFa6o&s=WlQnlBzw05tnJ1o29nmeXtGBbNubzjyRPqaWAdpXn5Y&e= |
| 張貼日 | 2016-06-27 |
| 上稿單位 | TWCERT/CC |
•本次安全更新修補了NTP Server之漏洞,該伺服器存在緩衝區溢位弱點,可讓遠端攻擊者權限提升。
•編註:駭客可能利用這種漏洞攻擊方式,傳送特殊之封包至受影響設備,觸發該漏洞,進而達到特殊目的。