News from 2019-03-18


Meinberg Security Advisory: [MBGSA-1901] NTP and OpenSSL for LANTIME firmware and NTP for Windows


Potential security problems were detected in NTP 4.2.8p12 as well as in OpenSSL 1.0.2q and removed. Therefore, the LANTIME firmware version 6.24.021 and NTP for Windows ntp-4.2.8p13 contain the latest NTP (4.2.8p13) and OpenSSL (1.0.2r) version.

CVE-IDs:

  • NTP:
    CVE-2019-8936 (CVSSv3 Score: 4.2)
  • OpenSSL:
    CVE-2019-1559 (CVSSv3 Score: 5.9)
  • Updated versions:
    NTP: 4.2.8p13
    OpenSSL: 1.0.2r

1. Description of the vulnerabilities

The security vulnerabilities are described in detail on the manufacturer’s webpages and in the NIST National Vulnerability Database (NVD). The links to the descriptions are to be found in the paragraph 4 Further information.

2. Systems affected

All the LANTIME firmware versions prior to V6.24.021 are affected by these mentioned vulnerabilities. The LANTIME firmware is used by all the devices of Meinberg LANTIME M-series (M100, M200, M300, M400, M600, M900), all the devices of the IMS-series (M500, M1000, M1000S, M3000, M3000S, M4000) and by the SyncFire product family (SF1000 / SF1100).

Also, NTP for Windows prior to ntp-4.2.8p13 is affected by both vulnerabilities.

It depends on the configuration, network infrastructure and other factors if and to which degree the LANTIME systems are vulnerable. That’s why, no general statement about the vulnerability of the systems in use, can be made.

3. Possible security measures

The security patches for NTP and OpenSSL are included in the LANTIME firmware version 6.24.021 and in the NTP for Windows version ntp-4.2.8p13. An update to these versions mitigate the vulnerabilities. As of now, all the updates are available for Meinberg customers. It is recommended to update the LANTIME firmware to 6.24.021 and the NTP for Windows version to ntp-4.2.8p13.

4. Further information

Further details and information can be found on the following webpages:

If you have any other questions or you need assistance, please, don’t hesitate to contact your Meinberg support service.


Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact