Test ID:	1.3.6.1.4.1.25623.1.0.66519
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2009-343-01)
Summary:	The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2009-343-01 advisory.
Description:	Summary: The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2009-343-01 advisory. Vulnerability Insight: New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. If a spoofed mode 7 packet is sent to a vulnerable NTP daemon it may cause CPU and/or disk space exhaustion, resulting in a denial of service. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 13.0 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.4p8-i486-1_slack13.0.txz: Upgraded. Prevent a denial-of-service attack involving spoofed mode 7 packets. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'ntp' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3563 AIX APAR: IZ68659 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659 AIX APAR: IZ71047 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047 BugTraq ID: 37255 http://www.securityfocus.com/bid/37255 CERT/CC vulnerability note: VU#417980 https://www.kb.cert.org/vuls/id/417980 CERT/CC vulnerability note: VU#568372 http://www.kb.cert.org/vuls/id/568372 Debian Security Information: DSA-1948 (Google Search) http://www.debian.org/security/2009/dsa-1948 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html HPdes Security Advisory: HPSBUX02639 http://marc.info/?l=bugtraq&m=130168580504508&w=2 HPdes Security Advisory: HPSBUX02859 http://marc.info/?l=bugtraq&m=136482797910018&w=2 HPdes Security Advisory: SSRT100293 HPdes Security Advisory: SSRT101144 https://lists.ntp.org/pipermail/announce/2009-December/000086.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html NETBSD Security Advisory: NetBSD-SA2010-005 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076 RedHat Security Advisories: RHSA-2009:1648 https://rhn.redhat.com/errata/RHSA-2009-1648.html RedHat Security Advisories: RHSA-2009:1651 https://rhn.redhat.com/errata/RHSA-2009-1651.html RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://securitytracker.com/id?1023298 http://secunia.com/advisories/37629 http://secunia.com/advisories/37922 http://secunia.com/advisories/38764 http://secunia.com/advisories/38794 http://secunia.com/advisories/38832 http://secunia.com/advisories/38834 http://secunia.com/advisories/39593 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1 http://www.vupen.com/english/advisories/2010/0510 http://www.vupen.com/english/advisories/2010/0528 http://www.vupen.com/english/advisories/2010/0993
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.