Test ID: | 1.3.6.1.4.1.25623.1.0.66472 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:1648 |
Summary: | The remote host is missing updates announced in advisory RHSA-2009:1648.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. (CVE-2009-3563)
All ntp users are advised to upgrade to this updated package, which contains a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically. |
Description: | Summary: The remote host is missing updates announced in advisory RHSA-2009:1648. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. (CVE-2009-3563) All ntp users are advised to upgrade to this updated package, which contains a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
CVSS Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-3563
AIX APAR: IZ68659 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659
AIX APAR: IZ71047 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
BugTraq ID: 37255 http://www.securityfocus.com/bid/37255
CERT/CC vulnerability note: VU#417980 https://www.kb.cert.org/vuls/id/417980
CERT/CC vulnerability note: VU#568372 http://www.kb.cert.org/vuls/id/568372
Debian Security Information: DSA-1948 http://www.debian.org/security/2009/dsa-1948
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html
HPdes Security Advisory: HPSBUX02639 http://marc.info/?l=bugtraq&m=130168580504508&w=2
HPdes Security Advisory: HPSBUX02859 http://marc.info/?l=bugtraq&m=136482797910018&w=2
HPdes Security Advisory: SSRT100293
HPdes Security Advisory: SSRT101144
https://lists.ntp.org/pipermail/announce/2009-December/000086.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
NETBSD Security Advisory: NetBSD-SA2010-005 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076
RedHat Security Advisories: RHSA-2009:1648 https://rhn.redhat.com/errata/RHSA-2009-1648.html
RedHat Security Advisories: RHSA-2009:1651 https://rhn.redhat.com/errata/RHSA-2009-1651.html
RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://securitytracker.com/id?1023298
http://secunia.com/advisories/37629
http://secunia.com/advisories/37922
http://secunia.com/advisories/38764
http://secunia.com/advisories/38794
http://secunia.com/advisories/38832
http://secunia.com/advisories/38834
http://secunia.com/advisories/39593
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
http://www.vupen.com/english/advisories/2010/0510
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2010/0993 |
Copyright | Copyright (C) 2009 E-Soft Inc. |