1468 matches found
ntp security update
CentOS Errata and Security Advisory CESA-2009:1040 An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to...
DSA-1801-1 ntp - several vulnerabilities
Bulletin has no description...
ntp: remote arbitrary code execution vulnerability if autokeys is enabled
Stack-based buffer overflow in the cryptorecv function in ntpcrypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field...
Critical: Red Hat Security Advisory: ntp security update
An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time...
ntp: remote arbitrary code execution vulnerability if autokeys is enabled
Stack-based buffer overflow in the cryptorecv function in ntpcrypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field...
ntp: buffer overflow in ntpq
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response...
Important: Red Hat Security Advisory: ntp security update
An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced tim...
ntpd autokey stack buffer overflow
Overview ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time wit...
DEBIAN-CVE-2009-0159
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response...
NTP ntpq命令远程栈溢出溢出漏洞
BUGTRAQ ID: 34481 CVECAN ID: CVE-2009-0159 NTP(Network Time Protocol)是用于通过网络同步计算机时钟的协议。 ntpq程序中存在栈溢出漏洞。如果用户使用ntpq命令从远程时间服务器请求了对等端信息且服务器返回了恶意响应的话,就可能触发这个溢出。由于溢出仅限于两个字节,因此最可能的结果是拒绝服务。 University of Delaware NTP 4.2.4 厂商补丁: University of Delaware ----------------------...
RedHat Security Advisory RHSA-2009:0046
The remote host is missing updates announced in advisory RHSA-2009:0046. The Network Time Protocol NTP is used to synchronize a computer SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...
Moderate: Red Hat Security Advisory: ntp security update
Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced ti...
ntp incorrectly checks for malformed signatures
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...
RHEL 4 / 5 : ntp (RHSA-2009:0046)
Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced ti...
Update Protection against Multiple Vendors NTP Mode 7 Denial of Service
A denial of service vulnerability exists in the Network Time Protocol NTP, a product shipped by many vendors. The vulnerability is due to incorrect handling of mode 7 MODEPRIVATE requests. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted mode 7...
[SECURITY] Fedora 10 Update: ntp-4.2.4p6-1.fc10
The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...
[SECURITY] Fedora 9 Update: ntp-4.2.4p6-1.fc9
The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...
FreeBSD Security Advisory (FreeBSD-SA-09:03.ntpd.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:03.ntpd.asc ADV FreeBSD-SA-09:03.ntpd.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-09:03.ntpd.asc Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...
Debian DSA-1702-1 : ntp - interpretation conflict
It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. Note that cryptographic authenticatio...
[SECURITY] [DSA 1702-1] New ntp packages fix cryptographic weakness
------------------------------------------------------------------------ Debian Security Advisory DSA-1702-1 [email protected] http://www.debian.org/security/ Florian Weimer January 12, 2009 http://www.debian.org/security/faq -...