Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.850933 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory for ntp (SUSE-SU-2015:0259-3) |
Summary: | The remote host is missing an update for the 'ntp'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'ntp' package(s) announced via the referenced advisory. Vulnerability Insight: ntp has been updated to fix four security issues: * CVE-2014-9294: ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9293: The config_auth function, when an auth key is not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9298: ::1 can be spoofed on some operating systems, so ACLs based on IPv6 ::1 addresses could be bypassed. (bsc#910764) * CVE-2014-9297: vallen is not validated in several places in ntp_crypto.c, leading to potential information leak. (bsc#910764) Security Issues: * CVE-2014-9294 * CVE-2014-9293 * CVE-2014-9298 * CVE-2014-9297 Affected Software/OS: ntp on SUSE Linux Enterprise Server 11 SP1 LTSS Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-9293 BugTraq ID: 71757 http://www.securityfocus.com/bid/71757 CERT/CC vulnerability note: VU#852879 http://www.kb.cert.org/vuls/id/852879 Cisco Security Advisory: 20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd HPdes Security Advisory: HPSBGN03277 http://marc.info/?l=bugtraq&m=142590659431171&w=2 HPdes Security Advisory: HPSBOV03505 http://marc.info/?l=bugtraq&m=144182594518755&w=2 HPdes Security Advisory: HPSBPV03266 http://marc.info/?l=bugtraq&m=142469153211996&w=2 HPdes Security Advisory: HPSBUX03240 http://marc.info/?l=bugtraq&m=142853370924302&w=2 HPdes Security Advisory: SSRT101872 http://www.mandriva.com/security/advisories?name=MDVSA-2015:003 RedHat Security Advisories: RHSA-2014:2025 http://rhn.redhat.com/errata/RHSA-2014-2025.html RedHat Security Advisories: RHSA-2015:0104 http://rhn.redhat.com/errata/RHSA-2015-0104.html http://secunia.com/advisories/62209 Common Vulnerability Exposure (CVE) ID: CVE-2014-9294 BugTraq ID: 71762 http://www.securityfocus.com/bid/71762 Common Vulnerability Exposure (CVE) ID: CVE-2014-9297 Common Vulnerability Exposure (CVE) ID: CVE-2014-9298 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |