CentOS Local Security Checks : CentOS Update for ntp CESA-2017:3071 centos6

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.882794

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for ntp CESA-2017:3071 centos6

Zusammenfassung: Check the version of ntp

Beschreibung: Summary:
Check the version of ntp

Vulnerability Insight:
The Network Time Protocol (NTP) is used to
synchronize a computer's time with another referenced time source. These packages
include the ntpd service which continuously adjusts system time and utilities
used to query and configure the ntpd service.

Security Fix(es):

* Two vulnerabilities were discovered in the NTP server's parsing of
configuration directives. A remote, authenticated attacker could cause ntpd
to crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464)

* A vulnerability was found in NTP, in the parsing of packets from the
/dev/datum device. A malicious device could send crafted messages, causing
ntpd to crash. (CVE-2017-6462)

Red Hat would like to thank the NTP project for reporting these issues.
Upstream acknowledges Cure53 as the original reporter of these issues.

Affected Software/OS:
ntp on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-6462
BugTraq ID: 97045
http://www.securityfocus.com/bid/97045
FreeBSD Security Advisory: FreeBSD-SA-17:03
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
RedHat Security Advisories: RHSA-2017:3071
https://access.redhat.com/errata/RHSA-2017:3071
RedHat Security Advisories: RHSA-2018:0855
https://access.redhat.com/errata/RHSA-2018:0855
http://www.securitytracker.com/id/1038123
https://usn.ubuntu.com/3707-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-6463
BugTraq ID: 97049
http://www.securityfocus.com/bid/97049
Common Vulnerability Exposure (CVE) ID: CVE-2017-6464
BugTraq ID: 97050
http://www.securityfocus.com/bid/97050

Copyright Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.882794
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for ntp CESA-2017:3071 centos6
Zusammenfassung:	Check the version of ntp
Beschreibung:	Summary: Check the version of ntp Vulnerability Insight: The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es): * Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464) * A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash. (CVE-2017-6462) Red Hat would like to thank the NTP project for reporting these issues. Upstream acknowledges Cure53 as the original reporter of these issues. Affected Software/OS: ntp on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6462 BugTraq ID: 97045 http://www.securityfocus.com/bid/97045 FreeBSD Security Advisory: FreeBSD-SA-17:03 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc RedHat Security Advisories: RHSA-2017:3071 https://access.redhat.com/errata/RHSA-2017:3071 RedHat Security Advisories: RHSA-2018:0855 https://access.redhat.com/errata/RHSA-2018:0855 http://www.securitytracker.com/id/1038123 https://usn.ubuntu.com/3707-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-6463 BugTraq ID: 97049 http://www.securityfocus.com/bid/97049 Common Vulnerability Exposure (CVE) ID: CVE-2017-6464 BugTraq ID: 97050 http://www.securityfocus.com/bid/97050
Copyright	Copyright (C) 2017 Greenbone AG