RedHatRHSA-2009:1039(RHSA-2009:1039) Important: ntp security update
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.964 High
EPSS
Percentile
99.5%
The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a referenced time source.
A buffer overflow flaw was discovered in the ntpd daemon’s NTPv4
authentication code. If ntpd was configured to use public key cryptography
for NTP packet authentication, a remote attacker could use this flaw to
send a specially-crafted request packet that could crash ntpd.
(CVE-2009-1252)
Note: NTP authentication is not enabled by default.
A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an ntpq
request that could crash ntpq. (CVE-2009-0159)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will be restarted automatically.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 5 | i386 | ntp | < 4.2.2p1-9.el5_3.2 | ntp-4.2.2p1-9.el5_3.2.i386.rpm |
| RedHat | 5 | ppc | ntp | < 4.2.2p1-9.el5_3.2 | ntp-4.2.2p1-9.el5_3.2.ppc.rpm |
| RedHat | 5 | x86_64 | ntp | < 4.2.2p1-9.el5_3.2 | ntp-4.2.2p1-9.el5_3.2.x86_64.rpm |
| RedHat | 5 | src | ntp | < 4.2.2p1-9.el5_3.2 | ntp-4.2.2p1-9.el5_3.2.src.rpm |
| RedHat | 5 | ia64 | ntp | < 4.2.2p1-9.el5_3.2 | ntp-4.2.2p1-9.el5_3.2.ia64.rpm |
| RedHat | 5 | s390x | ntp | < 4.2.2p1-9.el5_3.2 | ntp-4.2.2p1-9.el5_3.2.s390x.rpm |
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.964 High
EPSS
Percentile
99.5%