 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2014.0541 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2014-0541) |
| Resumen: | The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2014-0541 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2014-0541 advisory. Vulnerability Insight: Updated ntp packages fix security vulnerabilities: If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys (CVE-2014-9294). A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process (CVE-2014-9295). A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296). The ntp package has been patched to fix these issues. Affected Software/OS: 'ntp' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-9293 BugTraq ID: 71757 http://www.securityfocus.com/bid/71757 CERT/CC vulnerability note: VU#852879 http://www.kb.cert.org/vuls/id/852879 Cisco Security Advisory: 20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd HPdes Security Advisory: HPSBGN03277 http://marc.info/?l=bugtraq&m=142590659431171&w=2 HPdes Security Advisory: HPSBOV03505 http://marc.info/?l=bugtraq&m=144182594518755&w=2 HPdes Security Advisory: HPSBPV03266 http://marc.info/?l=bugtraq&m=142469153211996&w=2 HPdes Security Advisory: HPSBUX03240 http://marc.info/?l=bugtraq&m=142853370924302&w=2 HPdes Security Advisory: SSRT101872 http://www.mandriva.com/security/advisories?name=MDVSA-2015:003 https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8 RedHat Security Advisories: RHSA-2014:2025 http://rhn.redhat.com/errata/RHSA-2014-2025.html RedHat Security Advisories: RHSA-2015:0104 http://rhn.redhat.com/errata/RHSA-2015-0104.html http://secunia.com/advisories/62209 Common Vulnerability Exposure (CVE) ID: CVE-2014-9294 BugTraq ID: 71762 http://www.securityfocus.com/bid/71762 Common Vulnerability Exposure (CVE) ID: CVE-2014-9295 BugTraq ID: 71761 http://www.securityfocus.com/bid/71761 SuSE Security Announcement: openSUSE-SU-2014:1670 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9296 BugTraq ID: 71758 http://www.securityfocus.com/bid/71758 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |