Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.882376
Categoría:CentOS Local Security Checks
Título:CentOS Update for ntp CESA-2016:0063 centos6
Resumen:Check the version of ntp
Descripción:Summary:
Check the version of ntp

Vulnerability Insight:
The Network Time Protocol (NTP) is used to
synchronize a computer's time with a referenced time source.

It was discovered that ntpd as a client did not correctly check the
originate timestamp in received packets. A remote attacker could use this
flaw to send a crafted packet to an ntpd client that would effectively
disable synchronization with the server, or push arbitrary offset/delay
measurements to modify the time on the client. (CVE-2015-8138)

All ntp users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the ntpd daemon will restart automatically.

Affected Software/OS:
ntp on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-8138
BugTraq ID: 81811
http://www.securityfocus.com/bid/81811
CERT/CC vulnerability note: VU#718152
https://www.kb.cert.org/vuls/id/718152
Cisco Security Advisory: 20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
Cisco Security Advisory: 20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
Cisco Security Advisory: 20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd
Debian Security Information: DSA-3629 (Google Search)
http://www.debian.org/security/2016/dsa-3629
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
FreeBSD Security Advisory: FreeBSD-SA-16:09
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
RedHat Security Advisories: RHSA-2016:0063
http://rhn.redhat.com/errata/RHSA-2016-0063.html
http://www.securitytracker.com/id/1034782
SuSE Security Announcement: SUSE-SU-2016:1175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
SuSE Security Announcement: SUSE-SU-2016:1177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
SuSE Security Announcement: SUSE-SU-2016:1247 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:1311 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
SuSE Security Announcement: SUSE-SU-2016:1912 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
SuSE Security Announcement: SUSE-SU-2016:2094 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
SuSE Security Announcement: openSUSE-SU-2016:1292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1423 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://www.ubuntu.com/usn/USN-3096-1
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.