Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0195
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0195)
Zusammenfassung:	The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2018-0195 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2018-0195 advisory. Vulnerability Insight: This release addresses five security issues in ntpd for Mageia 6: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak Reported by Yihan Lian of Qihoo 360. LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. one security issue in ntpq: MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit. Reported by Michael Macnair of Thales-esecurity.com. and provides over 33 bugfixes and 32 other improvements. ENotification of these issues were delivered to our Institutional members on a rolling basis as they were reported and as progress was made. Affected Software/OS: 'ntp' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1549 BugTraq ID: 88200 http://www.securityfocus.com/bid/88200 FreeBSD Security Advisory: FreeBSD-SA-18:02 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc https://security.gentoo.org/glsa/201607-15 http://www.talosintelligence.com/reports/TALOS-2016-0083/ http://www.securitytracker.com/id/1035705 Common Vulnerability Exposure (CVE) ID: CVE-2018-7170 BugTraq ID: 103194 http://www.securityfocus.com/bid/103194 Bugtraq: 20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) (Google Search) http://www.securityfocus.com/archive/1/541824/100/0/threaded https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc https://security.gentoo.org/glsa/201805-12 http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html https://bugzilla.redhat.com/show_bug.cgi?id=1550214 Common Vulnerability Exposure (CVE) ID: CVE-2018-7182 BugTraq ID: 103191 http://www.securityfocus.com/bid/103191 https://www.exploit-db.com/exploits/45846/ https://usn.ubuntu.com/3707-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-7183 BugTraq ID: 103351 http://www.securityfocus.com/bid/103351 http://support.ntp.org/bin/view/Main/NtpBug3414 http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://security.netapp.com/advisory/ntap-20180626-0001/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us https://www.synology.com/support/security/Synology_SA_18_13 https://www.oracle.com//security-alerts/cpujul2021.html https://usn.ubuntu.com/3707-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-7184 BugTraq ID: 103192 http://www.securityfocus.com/bid/103192 Common Vulnerability Exposure (CVE) ID: CVE-2018-7185 BugTraq ID: 103339 http://www.securityfocus.com/bid/103339 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.