 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.13.2018.060.02 |
| Categoría: | Slackware Local Security Checks |
| Título: | Slackware: Security Advisory (SSA:2018-060-02) |
| Resumen: | The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2018-060-02 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2018-060-02 advisory. Vulnerability Insight: New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'ntp' package(s) on Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-1549 BugTraq ID: 88200 http://www.securityfocus.com/bid/88200 FreeBSD Security Advisory: FreeBSD-SA-18:02 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc https://security.gentoo.org/glsa/201607-15 http://www.talosintelligence.com/reports/TALOS-2016-0083/ http://www.securitytracker.com/id/1035705 Common Vulnerability Exposure (CVE) ID: CVE-2018-7170 BugTraq ID: 103194 http://www.securityfocus.com/bid/103194 Bugtraq: 20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) (Google Search) http://www.securityfocus.com/archive/1/541824/100/0/threaded https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc https://security.gentoo.org/glsa/201805-12 http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html https://bugzilla.redhat.com/show_bug.cgi?id=1550214 Common Vulnerability Exposure (CVE) ID: CVE-2018-7182 BugTraq ID: 103191 http://www.securityfocus.com/bid/103191 https://www.exploit-db.com/exploits/45846/ https://usn.ubuntu.com/3707-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-7184 BugTraq ID: 103192 http://www.securityfocus.com/bid/103192 Common Vulnerability Exposure (CVE) ID: CVE-2018-7185 BugTraq ID: 103339 http://www.securityfocus.com/bid/103339 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://usn.ubuntu.com/3707-2/ |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |