ID de Prueba:	1.3.6.1.4.1.25623.1.0.131100
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0413)
Resumen:	The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2015-0413 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2015-0413 advisory. Vulnerability Insight: It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time (CVE-2015-5300). Slow memory leak in CRYPTO_ASSOC with autokey (CVE-2015-7701). Incomplete autokey data packet length checks could result in crash caused by a crafted packet (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702). Clients that receive a KoD should validate the origin timestamp field (CVE-2015-7704). ntpq atoascii() Memory Corruption Vulnerability could result in ntpd crash caused by a crafted packet (CVE-2015-7852). Symmetric association authentication bypass via crypto-NAK (CVE-2015-7871). Affected Software/OS: 'ntp' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5300 BugTraq ID: 77312 http://www.securityfocus.com/bid/77312 Debian Security Information: DSA-3388 (Google Search) http://www.debian.org/security/2015/dsa-3388 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html FreeBSD Security Advisory: FreeBSD-SA-16:02 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01 https://www.cs.bu.edu/~goldbe/NTPattack.html http://seclists.org/bugtraq/2016/Feb/164 RedHat Security Advisories: RHSA-2015:1930 http://rhn.redhat.com/errata/RHSA-2015-1930.html http://www.securitytracker.com/id/1034670 SuSE Security Announcement: SUSE-SU:2016:1175 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html SuSE Security Announcement: SUSE-SU:2016:1177 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html SuSE Security Announcement: SUSE-SU:2016:1247 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html SuSE Security Announcement: SUSE-SU:2016:1311 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html SuSE Security Announcement: SUSE-SU:2016:1912 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html SuSE Security Announcement: SUSE-SU:2016:2094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html SuSE Security Announcement: openSUSE-SU:2016:1292 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html SuSE Security Announcement: openSUSE-SU:2016:1423 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html http://www.ubuntu.com/usn/USN-2783-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7691 BugTraq ID: 77274 http://www.securityfocus.com/bid/77274 https://security.gentoo.org/glsa/201607-15 RedHat Security Advisories: RHSA-2016:0780 http://rhn.redhat.com/errata/RHSA-2016-0780.html RedHat Security Advisories: RHSA-2016:2583 http://rhn.redhat.com/errata/RHSA-2016-2583.html http://www.securitytracker.com/id/1033951 Common Vulnerability Exposure (CVE) ID: CVE-2015-7692 BugTraq ID: 77285 http://www.securityfocus.com/bid/77285 Common Vulnerability Exposure (CVE) ID: CVE-2015-7701 BugTraq ID: 77281 http://www.securityfocus.com/bid/77281 Common Vulnerability Exposure (CVE) ID: CVE-2015-7702 BugTraq ID: 77286 http://www.securityfocus.com/bid/77286 Common Vulnerability Exposure (CVE) ID: CVE-2015-7704 BugTraq ID: 77280 http://www.securityfocus.com/bid/77280 CERT/CC vulnerability note: VU#718152 https://www.kb.cert.org/vuls/id/718152 https://eprint.iacr.org/2015/1020.pdf https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016 RedHat Security Advisories: RHSA-2015:2520 http://rhn.redhat.com/errata/RHSA-2015-2520.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7852 BugTraq ID: 77288 http://www.securityfocus.com/bid/77288 Common Vulnerability Exposure (CVE) ID: CVE-2015-7871 BugTraq ID: 77287 http://www.securityfocus.com/bid/77287 https://security.gentoo.org/glsa/201604-03
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.