Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0393

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57245

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2006:0393

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2006:0393.

The Network Time Protocol (NTP) is used to synchronize a computer's time
with a reference time source.

The NTP daemon (ntpd), when run with the -u option and using a string to
specify the group, uses the group ID of the user instead of the group,
which causes ntpd to run with different privileges than intended.
(CVE-2005-2496)

The following issues have also been addressed in this update:
- - The init script had several problems
- - The script executed on upgrade could fail
- - The man page for ntpd indicated the wrong option for specifying a chroot
directory
- - The ntp daemon could crash with the message Exiting: No more memory!
- - There is a new option for syncing the hardware clock after a successful
run of ntpdate

Users of ntp should upgrade to these updated packages, which resolve these
issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0393.html
http://www.redhat.com/security/updates/classification/#low

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-2496
1016679
http://securitytracker.com/id?1016679
14673
http://www.securityfocus.com/bid/14673
16602
http://secunia.com/advisories/16602
19055
http://www.osvdb.org/19055
21464
http://secunia.com/advisories/21464
ADV-2005-1561
http://www.vupen.com/english/advisories/2005/1561
DSA-801
http://www.debian.org/security/2005/dsa-801
FEDORA-2005-812
http://www.securityspace.com/smysecure/catid.html?id=55155
MDKSA-2005:156
http://www.mandriva.com/security/advisories?name=MDKSA-2005:156
RHSA-2006:0393
http://www.redhat.com/support/errata/RHSA-2006-0393.html
ntp-incorrect-group-permissions(22035)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22035
oval:org.mitre.oval:def:9669
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57245
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0393
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0393. The Network Time Protocol (NTP) is used to synchronize a computer's time with a reference time source. The NTP daemon (ntpd), when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes ntpd to run with different privileges than intended. (CVE-2005-2496) The following issues have also been addressed in this update: - - The init script had several problems - - The script executed on upgrade could fail - - The man page for ntpd indicated the wrong option for specifying a chroot directory - - The ntp daemon could crash with the message Exiting: No more memory! - - There is a new option for syncing the hardware clock after a successful run of ntpdate Users of ntp should upgrade to these updated packages, which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0393.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2496 1016679 http://securitytracker.com/id?1016679 14673 http://www.securityfocus.com/bid/14673 16602 http://secunia.com/advisories/16602 19055 http://www.osvdb.org/19055 21464 http://secunia.com/advisories/21464 ADV-2005-1561 http://www.vupen.com/english/advisories/2005/1561 DSA-801 http://www.debian.org/security/2005/dsa-801 FEDORA-2005-812 http://www.securityspace.com/smysecure/catid.html?id=55155 MDKSA-2005:156 http://www.mandriva.com/security/advisories?name=MDKSA-2005:156 RHSA-2006:0393 http://www.redhat.com/support/errata/RHSA-2006-0393.html ntp-incorrect-group-permissions(22035) https://exchange.xforce.ibmcloud.com/vulnerabilities/22035 oval:org.mitre.oval:def:9669 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com