Test ID:	1.3.6.1.4.1.25623.1.0.66671
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2009:328 (ntp)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ntp announced via advisory MDVSA-2009:328. A vulnerability has been found and corrected in ntp: Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages (CVE-2009-3563). This update provides a solution to this vulnerability. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:328 Risk factor : High CVSS Score: 6.4
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3563 AIX APAR: IZ68659 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659 AIX APAR: IZ71047 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047 BugTraq ID: 37255 http://www.securityfocus.com/bid/37255 CERT/CC vulnerability note: VU#417980 https://www.kb.cert.org/vuls/id/417980 CERT/CC vulnerability note: VU#568372 http://www.kb.cert.org/vuls/id/568372 Debian Security Information: DSA-1948 (Google Search) http://www.debian.org/security/2009/dsa-1948 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html HPdes Security Advisory: HPSBUX02639 http://marc.info/?l=bugtraq&m=130168580504508&w=2 HPdes Security Advisory: HPSBUX02859 http://marc.info/?l=bugtraq&m=136482797910018&w=2 HPdes Security Advisory: SSRT100293 HPdes Security Advisory: SSRT101144 https://lists.ntp.org/pipermail/announce/2009-December/000086.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html NETBSD Security Advisory: NetBSD-SA2010-005 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076 RedHat Security Advisories: RHSA-2009:1648 https://rhn.redhat.com/errata/RHSA-2009-1648.html RedHat Security Advisories: RHSA-2009:1651 https://rhn.redhat.com/errata/RHSA-2009-1651.html RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://securitytracker.com/id?1023298 http://secunia.com/advisories/37629 http://secunia.com/advisories/37922 http://secunia.com/advisories/38764 http://secunia.com/advisories/38794 http://secunia.com/advisories/38832 http://secunia.com/advisories/38834 http://secunia.com/advisories/39593 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1 http://www.vupen.com/english/advisories/2010/0510 http://www.vupen.com/english/advisories/2010/0528 http://www.vupen.com/english/advisories/2010/0993
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.