CentOS Local Security Checks : CentOS Update for ntp CESA-2017:3071 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882794

Categoría: CentOS Local Security Checks

Título: CentOS Update for ntp CESA-2017:3071 centos6

Resumen: Check the version of ntp

Descripción: Summary:
Check the version of ntp

Vulnerability Insight:
The Network Time Protocol (NTP) is used to
synchronize a computer's time with another referenced time source. These packages
include the ntpd service which continuously adjusts system time and utilities
used to query and configure the ntpd service.

Security Fix(es):

* Two vulnerabilities were discovered in the NTP server's parsing of
configuration directives. A remote, authenticated attacker could cause ntpd
to crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464)

* A vulnerability was found in NTP, in the parsing of packets from the
/dev/datum device. A malicious device could send crafted messages, causing
ntpd to crash. (CVE-2017-6462)

Red Hat would like to thank the NTP project for reporting these issues.
Upstream acknowledges Cure53 as the original reporter of these issues.

Affected Software/OS:
ntp on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-6462
BugTraq ID: 97045
http://www.securityfocus.com/bid/97045
FreeBSD Security Advisory: FreeBSD-SA-17:03
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
RedHat Security Advisories: RHSA-2017:3071
https://access.redhat.com/errata/RHSA-2017:3071
RedHat Security Advisories: RHSA-2018:0855
https://access.redhat.com/errata/RHSA-2018:0855
http://www.securitytracker.com/id/1038123
https://usn.ubuntu.com/3707-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-6463
BugTraq ID: 97049
http://www.securityfocus.com/bid/97049
Common Vulnerability Exposure (CVE) ID: CVE-2017-6464
BugTraq ID: 97050
http://www.securityfocus.com/bid/97050

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882794
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for ntp CESA-2017:3071 centos6
Resumen:	Check the version of ntp
Descripción:	Summary: Check the version of ntp Vulnerability Insight: The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es): * Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464) * A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash. (CVE-2017-6462) Red Hat would like to thank the NTP project for reporting these issues. Upstream acknowledges Cure53 as the original reporter of these issues. Affected Software/OS: ntp on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6462 BugTraq ID: 97045 http://www.securityfocus.com/bid/97045 FreeBSD Security Advisory: FreeBSD-SA-17:03 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc RedHat Security Advisories: RHSA-2017:3071 https://access.redhat.com/errata/RHSA-2017:3071 RedHat Security Advisories: RHSA-2018:0855 https://access.redhat.com/errata/RHSA-2018:0855 http://www.securitytracker.com/id/1038123 https://usn.ubuntu.com/3707-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-6463 BugTraq ID: 97049 http://www.securityfocus.com/bid/97049 Common Vulnerability Exposure (CVE) ID: CVE-2017-6464 BugTraq ID: 97050 http://www.securityfocus.com/bid/97050
Copyright	Copyright (C) 2017 Greenbone AG