 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2014.0541 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2014-0541) |
| Zusammenfassung: | The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2014-0541 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2014-0541 advisory. Vulnerability Insight: Updated ntp packages fix security vulnerabilities: If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys (CVE-2014-9294). A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process (CVE-2014-9295). A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296). The ntp package has been patched to fix these issues. Affected Software/OS: 'ntp' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-9293 BugTraq ID: 71757 http://www.securityfocus.com/bid/71757 CERT/CC vulnerability note: VU#852879 http://www.kb.cert.org/vuls/id/852879 Cisco Security Advisory: 20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd HPdes Security Advisory: HPSBGN03277 http://marc.info/?l=bugtraq&m=142590659431171&w=2 HPdes Security Advisory: HPSBOV03505 http://marc.info/?l=bugtraq&m=144182594518755&w=2 HPdes Security Advisory: HPSBPV03266 http://marc.info/?l=bugtraq&m=142469153211996&w=2 HPdes Security Advisory: HPSBUX03240 http://marc.info/?l=bugtraq&m=142853370924302&w=2 HPdes Security Advisory: SSRT101872 http://www.mandriva.com/security/advisories?name=MDVSA-2015:003 https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8 RedHat Security Advisories: RHSA-2014:2025 http://rhn.redhat.com/errata/RHSA-2014-2025.html RedHat Security Advisories: RHSA-2015:0104 http://rhn.redhat.com/errata/RHSA-2015-0104.html http://secunia.com/advisories/62209 Common Vulnerability Exposure (CVE) ID: CVE-2014-9294 BugTraq ID: 71762 http://www.securityfocus.com/bid/71762 Common Vulnerability Exposure (CVE) ID: CVE-2014-9295 BugTraq ID: 71761 http://www.securityfocus.com/bid/71761 SuSE Security Announcement: openSUSE-SU-2014:1670 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9296 BugTraq ID: 71758 http://www.securityfocus.com/bid/71758 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |