(RHSA-2009:0046) Moderate: ntp security update

2009-01-2900:00:00

access.redhat.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

78.6%

JSON

The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a referenced time source.

A flaw was discovered in the way the ntpd daemon checked the return value
of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)

Note: This issue only affects systems that have enabled NTP authentication.
By default, NTP authentication is not enabled.

All ntp users are advised to upgrade to the updated packages, which contain
a backported patch to resolve this issue. After installing the update, the
ntpd daemon will restart automatically.

OSVersionArchitecturePackageVersionFilename
RedHat5x86_64ntp< 4.2.2p1-9.el5_3.1ntp-4.2.2p1-9.el5_3.1.x86_64.rpm
RedHat5ia64ntp< 4.2.2p1-9.el5_3.1ntp-4.2.2p1-9.el5_3.1.ia64.rpm
RedHat4i386ntp< 4.2.0.a.20040617-8.el4_7.1ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm
RedHat4ppcntp< 4.2.0.a.20040617-8.el4_7.1ntp-4.2.0.a.20040617-8.el4_7.1.ppc.rpm
RedHat4ia64ntp< 4.2.0.a.20040617-8.el4_7.1ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm
RedHat4s390xntp< 4.2.0.a.20040617-8.el4_7.1ntp-4.2.0.a.20040617-8.el4_7.1.s390x.rpm
RedHat4srcntp< 4.2.0.a.20040617-8.el4_7.1ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm
RedHat5ppcntp< 4.2.2p1-9.el5_3.1ntp-4.2.2p1-9.el5_3.1.ppc.rpm
RedHat4s390ntp< 4.2.0.a.20040617-8.el4_7.1ntp-4.2.0.a.20040617-8.el4_7.1.s390.rpm
RedHat5s390xntp< 4.2.2p1-9.el5_3.1ntp-4.2.2p1-9.el5_3.1.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	x86_64	ntp	< 4.2.2p1-9.el5_3.1	ntp-4.2.2p1-9.el5_3.1.x86_64.rpm
RedHat	5	ia64	ntp	< 4.2.2p1-9.el5_3.1	ntp-4.2.2p1-9.el5_3.1.ia64.rpm
RedHat	4	i386	ntp	< 4.2.0.a.20040617-8.el4_7.1	ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm
RedHat	4	ppc	ntp	< 4.2.0.a.20040617-8.el4_7.1	ntp-4.2.0.a.20040617-8.el4_7.1.ppc.rpm
RedHat	4	ia64	ntp	< 4.2.0.a.20040617-8.el4_7.1	ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm
RedHat	4	s390x	ntp	< 4.2.0.a.20040617-8.el4_7.1	ntp-4.2.0.a.20040617-8.el4_7.1.s390x.rpm
RedHat	4	src	ntp	< 4.2.0.a.20040617-8.el4_7.1	ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm
RedHat	5	ppc	ntp	< 4.2.2p1-9.el5_3.1	ntp-4.2.2p1-9.el5_3.1.ppc.rpm
RedHat	4	s390	ntp	< 4.2.0.a.20040617-8.el4_7.1	ntp-4.2.0.a.20040617-8.el4_7.1.s390.rpm
RedHat	5	s390x	ntp	< 4.2.2p1-9.el5_3.1	ntp-4.2.2p1-9.el5_3.1.s390x.rpm