What Are You Looking For?

Sign Up
Date:         Thu, 21 May 2009 16:39:56 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: ntp on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: ntp security update
Issue date:	2009-05-18
CVE Names:	CVE-2009-0159 CVE-2009-1252

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
authentication code. If ntpd was configured to use public key 
cryptography for NTP packet authentication, a remote attacker could use 
this flaw to send a specially-crafted request packet that could crash 
ntpd or, potentially, execute arbitrary code with the privileges of the 
"ntp" user. (CVE-2009-1252)

Note: NTP authentication is not enabled by default.

A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an ntpq
request that could crash ntpq or, potentially, execute arbitrary code 
with the privileges of the user running the ntpq command. (CVE-2009-0159)

After installing the update, the ntpd daemon will be restarted 
automatically.

SL 4.x

     SRPMS:
ntp-4.2.0.a.20040617-8.el4_7.2.src.rpm
     i386:
ntp-4.2.0.a.20040617-8.el4_7.2.i386.rpm
     x86_64:
ntp-4.2.0.a.20040617-8.el4_7.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-0159 Critical: ntp SL4.x i386/x86_64

Critical: ntp security update

Summary

Date:         Thu, 21 May 2009 16:39:56 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Critical: ntp on SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: ntp security updateIssue date:	2009-05-18CVE Names:	CVE-2009-0159 CVE-2009-1252A buffer overflow flaw was discovered in the ntpd daemon's NTPv4authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user. (CVE-2009-1252)Note: NTP authentication is not enabled by default.A buffer overflow flaw was found in the ntpq diagnostic command. Amalicious, remote server could send a specially-crafted reply to an ntpqrequest that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. (CVE-2009-0159)After installing the update, the ntpd daemon will be restarted automatically.SL 4.x     SRPMS:ntp-4.2.0.a.20040617-8.el4_7.2.src.rpm     i386:ntp-4.2.0.a.20040617-8.el4_7.2.i386.rpm     x86_64:ntp-4.2.0.a.20040617-8.el4_7.2.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo