Test ID:	1.3.6.1.4.1.25623.1.1.4.2015.0259.3
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2015:0259-3)
Summary:	The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2015:0259-3 advisory.
Description:	Summary: The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2015:0259-3 advisory. Vulnerability Insight: The NTP time service could have been used for remote denial of service amplification attacks. This issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001 [link moved to references] <[link moved to references]> and on [link moved to references] <[link moved to references]> this update now also replaces the default ntp.conf template to fix this problem. Please note that if you have touched or modified ntp.conf yourself, it will not be automatically fixed, you need to merge the changes manually as described. Additionally the following bug has been fixed: * ntp start script does not update /var/lib/ntp/etc/localtime file if /etc/localtime is symlink (bnc#838458) Security Issues: * CVE-2013-5211 <[link moved to references]> Affected Software/OS: 'ntp' package(s) on SUSE Linux Enterprise Server 11-SP1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5211 BugTraq ID: 64692 http://www.securityfocus.com/bid/64692 Cert/CC Advisory: TA14-013A http://www.us-cert.gov/ncas/alerts/TA14-013A CERT/CC vulnerability note: VU#348126 http://www.kb.cert.org/vuls/id/348126 HPdes Security Advisory: HPSBOV03505 http://marc.info/?l=bugtraq&m=144182594518755&w=2 HPdes Security Advisory: HPSBUX02960 http://marc.info/?l=bugtraq&m=138971294629419&w=2 HPdes Security Advisory: SSRT101419 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://openwall.com/lists/oss-security/2013/12/30/6 http://openwall.com/lists/oss-security/2013/12/30/7 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://www.securitytracker.com/id/1030433 http://secunia.com/advisories/59288 http://secunia.com/advisories/59726 SuSE Security Announcement: openSUSE-SU-2014:1149 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9293 BugTraq ID: 71757 http://www.securityfocus.com/bid/71757 CERT/CC vulnerability note: VU#852879 http://www.kb.cert.org/vuls/id/852879 Cisco Security Advisory: 20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd HPdes Security Advisory: HPSBGN03277 http://marc.info/?l=bugtraq&m=142590659431171&w=2 HPdes Security Advisory: HPSBPV03266 http://marc.info/?l=bugtraq&m=142469153211996&w=2 HPdes Security Advisory: HPSBUX03240 http://marc.info/?l=bugtraq&m=142853370924302&w=2 HPdes Security Advisory: SSRT101872 http://www.mandriva.com/security/advisories?name=MDVSA-2015:003 https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8 RedHat Security Advisories: RHSA-2014:2025 http://rhn.redhat.com/errata/RHSA-2014-2025.html RedHat Security Advisories: RHSA-2015:0104 http://rhn.redhat.com/errata/RHSA-2015-0104.html http://secunia.com/advisories/62209 Common Vulnerability Exposure (CVE) ID: CVE-2014-9294 BugTraq ID: 71762 http://www.securityfocus.com/bid/71762 Common Vulnerability Exposure (CVE) ID: CVE-2014-9295 BugTraq ID: 71761 http://www.securityfocus.com/bid/71761 SuSE Security Announcement: openSUSE-SU-2014:1670 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9297 Common Vulnerability Exposure (CVE) ID: CVE-2014-9298 Common Vulnerability Exposure (CVE) ID: CVE-2015-1799 1032031 http://www.securitytracker.com/id/1032031 20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd 20150408 Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=38275 73950 http://www.securityfocus.com/bid/73950 APPLE-SA-2015-06-30-2 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html DSA-3222 http://www.debian.org/security/2015/dsa-3222 DSA-3223 http://www.debian.org/security/2015/dsa-3223 FEDORA-2015-5761 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html FEDORA-2015-5874 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html GLSA-201509-01 https://security.gentoo.org/glsa/201509-01 HPSBHF03557 http://marc.info/?l=bugtraq&m=145750740530849&w=2 HPSBUX03333 http://marc.info/?l=bugtraq&m=143213867103400&w=2 MDVSA-2015:202 http://www.mandriva.com/security/advisories?name=MDVSA-2015:202 RHSA-2015:1459 http://rhn.redhat.com/errata/RHSA-2015-1459.html SSRT102029 USN-2567-1 http://www.ubuntu.com/usn/USN-2567-1 VU#374268 http://www.kb.cert.org/vuls/id/374268 [chrony-announce] 20150407 chrony-1.31.1 released (security) http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html http://bugs.ntp.org/show_bug.cgi?id=2781 http://support.apple.com/kb/HT204942 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://kc.mcafee.com/corporate/index?page=content&id=SB10114 openSUSE-SU-2015:0775 http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html Common Vulnerability Exposure (CVE) ID: CVE-2015-3405 74045 http://www.securityfocus.com/bid/74045 DSA-3388 http://www.debian.org/security/2015/dsa-3388 FEDORA-2015-5830 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html RHSA-2015:2231 http://rhn.redhat.com/errata/RHSA-2015-2231.html SUSE-SU-2015:1173 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html [oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems http://www.openwall.com/lists/oss-security/2015/04/23/14 http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg https://bugs.ntp.org/show_bug.cgi?id=2797 https://bugzilla.redhat.com/show_bug.cgi?id=1210324 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.