Question

According to recent NTP Amplification Attacks, I found that firmware of motherboards X9SCA-F is vulnerable. If there is NTP enabled for time synchronization (in Configuration / Date & Time / NTP Enable), then there is NTPd publicly accessible on management IP address. We have also X8DTT-F and there is not this problem. It means, even if NTP is Enabled on these boards, NTPd is not publicly available. Can you fix this problem and make a new version of the firmware for X9SCA-F? Details about NTP vulnerability


http://www.cvedetails.com/cve/CVE-2013-5211/ https://www.us-cert.gov/ncas/alerts/TA14-013A


 

Answer
We have a test firmware 3.20 that addresses this issue. It is available for testing. Please contact support for the link.
Was this FAQ helpful?
YES      NO

Enter Comments Below:
Note: Your comments/feedback should be limited to this FAQ only. For technical support, please send an email to support@supermicro.com.



 Enter your email address below if you'd like technical support staff to reply:


 Please type the Captcha (no space)
G B 7 8

FAQ Stats
FAQ ID Related Category / Keyword Date Posted Code
17908 Hardware Monitoring:
- IPMI
01/21/14


    Print Answer