ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0134
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0134)
Resumen:	The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2017-0134 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ntp' package(s) announced via the MGASA-2017-0134 advisory. Vulnerability Insight: A vulnerability was found in NTP, in the legacy MX4200 refclock implementation. If this refclock was compiled in and used, an attacker may be able to induce stack overflow, leading to a crash or potential code execution (CVE-2017-6451). A vulnerability was found in NTP, in the building of response packets with custom fields. If custom fields were configured in ntp.conf with particularly long names, inclusion of these fields in the response packet could cause a buffer overflow, leading to a crash (CVE-2017-6458). A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash (CVE-2017-6462). A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message (CVE-2017-6463). A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message (CVE-2017-6464). Affected Software/OS: 'ntp' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6451 BugTraq ID: 97058 http://www.securityfocus.com/bid/97058 http://www.securitytracker.com/id/1038123 http://www.securitytracker.com/id/1039427 Common Vulnerability Exposure (CVE) ID: CVE-2017-6458 BugTraq ID: 97051 http://www.securityfocus.com/bid/97051 Bugtraq: 20170422 [slackware-security] ntp (SSA:2017-112-02) (Google Search) http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/ http://seclists.org/fulldisclosure/2017/Sep/62 http://seclists.org/fulldisclosure/2017/Nov/7 http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 http://www.ubuntu.com/usn/USN-3349-1 Common Vulnerability Exposure (CVE) ID: CVE-2017-6462 BugTraq ID: 97045 http://www.securityfocus.com/bid/97045 FreeBSD Security Advisory: FreeBSD-SA-17:03 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc RedHat Security Advisories: RHSA-2017:3071 https://access.redhat.com/errata/RHSA-2017:3071 RedHat Security Advisories: RHSA-2018:0855 https://access.redhat.com/errata/RHSA-2018:0855 https://usn.ubuntu.com/3707-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-6463 BugTraq ID: 97049 http://www.securityfocus.com/bid/97049 Common Vulnerability Exposure (CVE) ID: CVE-2017-6464 BugTraq ID: 97050 http://www.securityfocus.com/bid/97050
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.