ID de Prueba:	1.3.6.1.4.1.25623.1.0.64116
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2009-154-01)
Resumen:	The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2009-154-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2009-154-01 advisory. Vulnerability Insight: New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [links moved to references] Here are the details from the Slackware 12.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.4p7-i486-1_slack12.2.tgz: Upgraded to ntp-4.2.4p7. Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code execution by a malicious remote NTP server. Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 allows remote attackers to execute arbitrary code. This does not affect the Slackware ntpd as it does not link with openssl. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'ntp' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0159 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 34481 http://www.securityfocus.com/bid/34481 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1801 (Google Search) http://www.debian.org/security/2009/dsa-1801 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml HPdes Security Advisory: HPSBUX02859 http://marc.info/?l=bugtraq&m=136482797910018&w=2 HPdes Security Advisory: SSRT101144 http://www.mandriva.com/security/advisories?name=MDVSA-2009:092 NETBSD Security Advisory: NetBSD-SA2009-006 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc http://osvdb.org/53593 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634 RedHat Security Advisories: RHSA-2009:1039 http://rhn.redhat.com/errata/RHSA-2009-1039.html RedHat Security Advisories: RHSA-2009:1040 http://rhn.redhat.com/errata/RHSA-2009-1040.html RedHat Security Advisories: RHSA-2009:1651 https://rhn.redhat.com/errata/RHSA-2009-1651.html http://www.securitytracker.com/id?1022033 http://secunia.com/advisories/34608 http://secunia.com/advisories/35074 http://secunia.com/advisories/35137 http://secunia.com/advisories/35138 http://secunia.com/advisories/35166 http://secunia.com/advisories/35169 http://secunia.com/advisories/35253 http://secunia.com/advisories/35308 http://secunia.com/advisories/35336 http://secunia.com/advisories/35416 http://secunia.com/advisories/35630 http://secunia.com/advisories/37471 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html https://usn.ubuntu.com/777-1/ http://www.vupen.com/english/advisories/2009/0999 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/3316 XForce ISS Database: ntp-cookedprint-bo(49838) https://exchange.xforce.ibmcloud.com/vulnerabilities/49838 Common Vulnerability Exposure (CVE) ID: CVE-2009-1252 BugTraq ID: 35017 http://www.securityfocus.com/bid/35017 CERT/CC vulnerability note: VU#853097 http://www.kb.cert.org/vuls/id/853097 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html FreeBSD Security Advisory: FreeBSD-SA-09:11 http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc http://www.mandriva.com/security/advisories?name=MDVSA-2009:117 https://launchpad.net/bugs/cve/2009-1252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307 http://www.securitytracker.com/id?1022243 http://secunia.com/advisories/35243 http://secunia.com/advisories/35388 http://secunia.com/advisories/37470 http://www.vupen.com/english/advisories/2009/1361
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.