English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.13.2016.120.01
Kategorie:Slackware Local Security Checks
Titel:Slackware: Security Advisory (SSA:2016-120-01)
Zusammenfassung:The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2016-120-01 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2016-120-01 advisory.

Vulnerability Insight:
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded.
This release patches several low and medium severity security issues:
CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
CVE-2016-1549: Sybil vulnerability: ephemeral association attack,
AKA: ntp-sybil - MITIGATION ONLY
CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion
botch
CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
properly validated
CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with
MATCH_ASSOC
CVE-2016-2519: ctl_getitem() return value not always checked
CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
CVE-2015-7704: KoD fix: peer associations were broken by the fix for
NtpBug2901, AKA: Symmetric active/passive mode is broken
CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,
authdecrypt-timing, AKA: authdecrypt-timing
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'ntp' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-7704
BugTraq ID: 77280
http://www.securityfocus.com/bid/77280
CERT/CC vulnerability note: VU#718152
https://www.kb.cert.org/vuls/id/718152
Debian Security Information: DSA-3388 (Google Search)
http://www.debian.org/security/2015/dsa-3388
https://security.gentoo.org/glsa/201607-15
https://eprint.iacr.org/2015/1020.pdf
https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016
https://www.cs.bu.edu/~goldbe/NTPattack.html
RedHat Security Advisories: RHSA-2015:1930
http://rhn.redhat.com/errata/RHSA-2015-1930.html
RedHat Security Advisories: RHSA-2015:2520
http://rhn.redhat.com/errata/RHSA-2015-2520.html
http://www.securitytracker.com/id/1033951
Common Vulnerability Exposure (CVE) ID: CVE-2015-8138
BugTraq ID: 81811
http://www.securityfocus.com/bid/81811
Cisco Security Advisory: 20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
Cisco Security Advisory: 20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
Cisco Security Advisory: 20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd
Debian Security Information: DSA-3629 (Google Search)
http://www.debian.org/security/2016/dsa-3629
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
FreeBSD Security Advisory: FreeBSD-SA-16:16
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
RedHat Security Advisories: RHSA-2016:0063
http://rhn.redhat.com/errata/RHSA-2016-0063.html
http://www.securitytracker.com/id/1034782
SuSE Security Announcement: SUSE-SU-2016:1175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
SuSE Security Announcement: SUSE-SU-2016:1177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
SuSE Security Announcement: SUSE-SU-2016:1247 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:1311 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
SuSE Security Announcement: SUSE-SU-2016:1912 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
SuSE Security Announcement: SUSE-SU-2016:2094 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
SuSE Security Announcement: openSUSE-SU-2016:1292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1423 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://www.ubuntu.com/usn/USN-3096-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1547
BugTraq ID: 88276
http://www.securityfocus.com/bid/88276
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
http://www.talosintelligence.com/reports/TALOS-2016-0081/
RedHat Security Advisories: RHSA-2016:1141
https://access.redhat.com/errata/RHSA-2016:1141
RedHat Security Advisories: RHSA-2016:1552
http://rhn.redhat.com/errata/RHSA-2016-1552.html
http://www.securitytracker.com/id/1035705
Common Vulnerability Exposure (CVE) ID: CVE-2016-1548
BugTraq ID: 88264
http://www.securityfocus.com/bid/88264
Bugtraq: 20160429 [slackware-security] ntp (SSA:2016-120-01) (Google Search)
http://www.securityfocus.com/archive/1/538233/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded
https://www.debian.org/security/2016/dsa-3629
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html
http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
http://www.talosintelligence.com/reports/TALOS-2016-0082/
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082
SuSE Security Announcement: SUSE-SU-2016:1278 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
SuSE Security Announcement: SUSE-SU-2016:1291 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
SuSE Security Announcement: SUSE-SU-2016:1471 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
SuSE Security Announcement: SUSE-SU-2016:1568 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
SuSE Security Announcement: openSUSE-SU-2016:1329 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1549
BugTraq ID: 88200
http://www.securityfocus.com/bid/88200
http://www.talosintelligence.com/reports/TALOS-2016-0083/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1550
BugTraq ID: 88261
http://www.securityfocus.com/bid/88261
http://www.talosintelligence.com/reports/TALOS-2016-0084/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084
Common Vulnerability Exposure (CVE) ID: CVE-2016-1551
BugTraq ID: 88219
http://www.securityfocus.com/bid/88219
http://www.talosintelligence.com/reports/TALOS-2016-0132/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2516
BugTraq ID: 88180
http://www.securityfocus.com/bid/88180
Common Vulnerability Exposure (CVE) ID: CVE-2016-2517
BugTraq ID: 88189
http://www.securityfocus.com/bid/88189
Common Vulnerability Exposure (CVE) ID: CVE-2016-2518
BugTraq ID: 88226
http://www.securityfocus.com/bid/88226
Common Vulnerability Exposure (CVE) ID: CVE-2016-2519
BugTraq ID: 88204
http://www.securityfocus.com/bid/88204
CopyrightCopyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.