5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
78.6%
The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a referenced time source.
A flaw was discovered in the way the ntpd daemon checked the return value
of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)
Note: This issue only affects systems that have enabled NTP authentication.
By default, NTP authentication is not enabled.
All ntp users are advised to upgrade to the updated packages, which contain
a backported patch to resolve this issue. After installing the update, the
ntpd daemon will restart automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | ntp | < 4.2.2p1-9.el5_3.1 | ntp-4.2.2p1-9.el5_3.1.x86_64.rpm |
RedHat | 5 | ia64 | ntp | < 4.2.2p1-9.el5_3.1 | ntp-4.2.2p1-9.el5_3.1.ia64.rpm |
RedHat | 4 | i386 | ntp | < 4.2.0.a.20040617-8.el4_7.1 | ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm |
RedHat | 4 | ppc | ntp | < 4.2.0.a.20040617-8.el4_7.1 | ntp-4.2.0.a.20040617-8.el4_7.1.ppc.rpm |
RedHat | 4 | ia64 | ntp | < 4.2.0.a.20040617-8.el4_7.1 | ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm |
RedHat | 4 | s390x | ntp | < 4.2.0.a.20040617-8.el4_7.1 | ntp-4.2.0.a.20040617-8.el4_7.1.s390x.rpm |
RedHat | 4 | src | ntp | < 4.2.0.a.20040617-8.el4_7.1 | ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm |
RedHat | 5 | ppc | ntp | < 4.2.2p1-9.el5_3.1 | ntp-4.2.2p1-9.el5_3.1.ppc.rpm |
RedHat | 4 | s390 | ntp | < 4.2.0.a.20040617-8.el4_7.1 | ntp-4.2.0.a.20040617-8.el4_7.1.s390.rpm |
RedHat | 5 | s390x | ntp | < 4.2.2p1-9.el5_3.1 | ntp-4.2.2p1-9.el5_3.1.s390x.rpm |