Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.1.2.2020.1968 |
Kategorie: | Huawei EulerOS Local Security Checks |
Titel: | Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1968) |
Zusammenfassung: | The remote host is missing an update for the Huawei EulerOS 'ntp' package(s) announced via the EulerOS-SA-2020-1968 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the Huawei EulerOS 'ntp' package(s) announced via the EulerOS-SA-2020-1968 advisory. Vulnerability Insight: A flaw was found in the Network Time Protocol (NTP), where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon (ntpd) from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client ntpd causes the next transmission to be rescheduled, even if the packet does not have a valid origin timestamp. If the packet is sent to the client frequently enough, it stops polling the server and is unable to synchronize with it.(CVE-2020-11868) A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use this flaw to modify the victim's clock by a limited amount or cause ntpd to exit.(CVE-2020-13817) Affected Software/OS: 'ntp' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-11868 Common Vulnerability Exposure (CVE) ID: CVE-2020-13817 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |