Test ID:	1.3.6.1.4.1.25623.1.0.880762
Category:	CentOS Local Security Checks
Title:	CentOS Update for ntp CESA-2009:1039 centos5 i386
Summary:	The remote host is missing an update for the 'ntp'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'ntp' package(s) announced via the referenced advisory. Vulnerability Insight: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd. (CVE-2009-1252) Note: NTP authentication is not enabled by default. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq. (CVE-2009-0159) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will be restarted automatically. Affected Software/OS: ntp on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0159 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 34481 http://www.securityfocus.com/bid/34481 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1801 (Google Search) http://www.debian.org/security/2009/dsa-1801 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml HPdes Security Advisory: HPSBUX02859 http://marc.info/?l=bugtraq&m=136482797910018&w=2 HPdes Security Advisory: SSRT101144 http://www.mandriva.com/security/advisories?name=MDVSA-2009:092 NETBSD Security Advisory: NetBSD-SA2009-006 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc http://osvdb.org/53593 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634 RedHat Security Advisories: RHSA-2009:1039 http://rhn.redhat.com/errata/RHSA-2009-1039.html RedHat Security Advisories: RHSA-2009:1040 http://rhn.redhat.com/errata/RHSA-2009-1040.html RedHat Security Advisories: RHSA-2009:1651 https://rhn.redhat.com/errata/RHSA-2009-1651.html http://www.securitytracker.com/id?1022033 http://secunia.com/advisories/34608 http://secunia.com/advisories/35074 http://secunia.com/advisories/35137 http://secunia.com/advisories/35138 http://secunia.com/advisories/35166 http://secunia.com/advisories/35169 http://secunia.com/advisories/35253 http://secunia.com/advisories/35308 http://secunia.com/advisories/35336 http://secunia.com/advisories/35416 http://secunia.com/advisories/35630 http://secunia.com/advisories/37471 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html https://usn.ubuntu.com/777-1/ http://www.vupen.com/english/advisories/2009/0999 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/3316 XForce ISS Database: ntp-cookedprint-bo(49838) https://exchange.xforce.ibmcloud.com/vulnerabilities/49838 Common Vulnerability Exposure (CVE) ID: CVE-2009-1252 BugTraq ID: 35017 http://www.securityfocus.com/bid/35017 CERT/CC vulnerability note: VU#853097 http://www.kb.cert.org/vuls/id/853097 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html FreeBSD Security Advisory: FreeBSD-SA-09:11 http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc http://www.mandriva.com/security/advisories?name=MDVSA-2009:117 https://launchpad.net/bugs/cve/2009-1252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307 http://www.securitytracker.com/id?1022243 http://secunia.com/advisories/35243 http://secunia.com/advisories/35388 http://secunia.com/advisories/37470 http://www.vupen.com/english/advisories/2009/1361
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.