|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for ntp RHSA-2017:3071-01|
|Summary:||The remote host is missing an update for the 'ntp'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'ntp'
package(s) announced via the referenced advisory.
The Network Time Protocol (NTP) is used
to synchronize a computer's time with another referenced time source. These
packages include the ntpd service which continuously adjusts system time and
utilities used to query and configure the ntpd service.
* Two vulnerabilities were discovered in the NTP server's parsing of
configuration directives. A remote, authenticated attacker could cause ntpd
to crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464)
* A vulnerability was found in NTP, in the parsing of packets from the
/dev/datum device. A malicious device could send crafted messages, causing
ntpd to crash. (CVE-2017-6462)
Red Hat would like to thank the NTP project for reporting these issues.
Upstream acknowledges Cure53 as the original reporter of these issues.
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-6462|
BugTraq ID: 97045
FreeBSD Security Advisory: FreeBSD-SA-17:03
RedHat Security Advisories: RHSA-2017:3071
RedHat Security Advisories: RHSA-2018:0855
Common Vulnerability Exposure (CVE) ID: CVE-2017-6463
BugTraq ID: 97049
Common Vulnerability Exposure (CVE) ID: CVE-2017-6464
BugTraq ID: 97050
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.