Hi all,
Scan results showed a vulnerability (cve-2009-1252) in the ntpd 4.2.0 in all juniper equipenemtns we have which is resolved in other versions like 4.2.5,. this vulnerability can cause DoS when the autokey and openssl are enabled.
after checking the kB section, I found that junos is not concerned with this vulnerability as described in kb21459, because the autokey security model is disable by default.
All equipments are in the recommended release.
how can I prove this to the audit organisation? can I get the ntp.conf file inside the junos?
kb : https://kb.juniper.net/InfoCenter/index?page=content&id=KB21459&smlogin=true&actp=search
cve : http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252
juniper products : srx650 , srx 240 , ex2200 , ex3300 and ex4200
#cve-2009-1252#NTP#srx240xdos#SRX650#stackbuffueroverflow