Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.880810
Kategorie:CentOS Local Security Checks
Titel:CentOS Update for ntp CESA-2009:1648 centos5 i386
Zusammenfassung:The remote host is missing an update for the 'ntp'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'ntp'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled
certain malformed NTP packets. ntpd logged information about all such
packets and replied with an NTP packet that was treated as malformed when
received by another ntpd. A remote attacker could use this flaw to create
an NTP packet reply loop between two ntpd servers via a malformed packet
with a spoofed source IP address and port, causing ntpd on those servers to
use excessive amounts of CPU time and fill disk space with log messages.
(CVE-2009-3563)

All ntp users are advised to upgrade to this updated package, which
contains a backported patch to resolve this issue. After installing the
update, the ntpd daemon will restart automatically.

Affected Software/OS:
ntp on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-3563
AIX APAR: IZ68659
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659
AIX APAR: IZ71047
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
BugTraq ID: 37255
http://www.securityfocus.com/bid/37255
CERT/CC vulnerability note: VU#568372
http://www.kb.cert.org/vuls/id/568372
Debian Security Information: DSA-1948 (Google Search)
http://www.debian.org/security/2009/dsa-1948
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html
HPdes Security Advisory: HPSBUX02639
http://marc.info/?l=bugtraq&m=130168580504508&w=2
HPdes Security Advisory: HPSBUX02859
http://marc.info/?l=bugtraq&m=136482797910018&w=2
HPdes Security Advisory: SSRT100293
HPdes Security Advisory: SSRT101144
https://lists.ntp.org/pipermail/announce/2009-December/000086.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
NETBSD Security Advisory: NetBSD-SA2010-005
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076
RedHat Security Advisories: RHSA-2009:1648
https://rhn.redhat.com/errata/RHSA-2009-1648.html
RedHat Security Advisories: RHSA-2009:1651
https://rhn.redhat.com/errata/RHSA-2009-1651.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://securitytracker.com/id?1023298
http://secunia.com/advisories/37629
http://secunia.com/advisories/37922
http://secunia.com/advisories/38764
http://secunia.com/advisories/38794
http://secunia.com/advisories/38832
http://secunia.com/advisories/38834
http://secunia.com/advisories/39593
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
http://www.vupen.com/english/advisories/2010/0510
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2010/0993
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.