60 matches found
OracleVM 3.2 : ntp (OVMSA-2015-0001)
The remote OracleVM system is missing necessary patches to address critical security updates : - Remove default ntp servers in ntp.conf bug 14342986 - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via...
Fedora Update for ntp FEDORA-2014-17367
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 19 : ntp-4.2.6p5-13.fc19 (2014-17395)
Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293, CVE-2014-9296 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introduci...
Fedora Update for ntp FEDORA-2014-17395
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OracleVM 3.3 : ntp (OVMSA-2014-0085)
The remote OracleVM system is missing necessary patches to address critical security updates : - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - don't mobiliz...
Fedora 21 : ntp-4.2.6p5-25.fc21 (2014-17367)
Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293, CVE-2014-9296 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introduci...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2014-356-01)
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-356-01. The text itself...
ntp: multiple issues
Keys explicitly generated by "ntp-keygen -M" should be regenerated. - CVE-2014-9293 weak key generation ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd or to exploit other vulnerabilities. - CVE-2014-9294 weak k...
Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20141220)
Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user...
Oracle Linux 5 : ntp (ELSA-2014-2025)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2014-2025 advisory. - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 Tenable has extracted the...
CentOS 5 : ntp (CESA-2014:2025)
Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Fedora Update for ntp FEDORA-2014-17361
Check the version of ntp SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868629";...
Check Point response to NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296)
...
[SECURITY] [DLA 116-1] ntp security update
Package : ntp Version : 4.2.6.p2+dfsg-1+deb6u1 CVE ID : CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 Debian Bug : 773576 Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. CVE-2014-9293 ntpd generated a weak key for its internal...
[SECURITY] [DSA 3108-1] ntp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3108-1 [email protected] http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq -...
CVE-2014-9293
CVE-2014-9293 affects ntpd and is triggered when no authentication key is configured; ntpd may generate a cryptographically weak default key, enabling remote attackers to bypass cryptographic protections via brute-force. The IBM AIX advisory confirms weak default key handling for NTPv3/v4 and lis...
ntp security update
4.2.2p1-18.el5 - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295...
Debian Security Advisory DSA 3108-1 (ntp - security update)
Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. CVE-2014-9293 ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd or to exploit other vulnerabilities...
ntp security update
4.2.6p5-2 - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - don't mobilize passive association when authentication fails CVE-2014-9296...
Debian: Security Advisory (DSA-3108-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...