 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.13.2018.229.01 |
| Categoría: | Slackware Local Security Checks |
| Título: | Slackware: Security Advisory (SSA:2018-229-01) |
| Resumen: | The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2018-229-01 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'ntp' package(s) announced via the SSA:2018-229-01 advisory. Vulnerability Insight: New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p12-i586-1_slack14.2.txz: Upgraded. This release improves on one security fix in ntpd: LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack While fixed in ntp-4.2.8p7 and with significant additional protections for this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in the new noepeer support. Originally reported by Matt Van Gundy of Cisco. Edge-case hole reported by Martin Burnicki of Meinberg. And fixes another security issue in ntpq and ntpdc: LOW: Sec 3505: The openhost() function used during command-line hostname processing by ntpq and ntpdc can write beyond its buffer limit, which could allow an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. Reported by Fakhri Zulkifli. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'ntp' package(s) on Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-1549 BugTraq ID: 88200 http://www.securityfocus.com/bid/88200 FreeBSD Security Advisory: FreeBSD-SA-16:16 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc https://security.gentoo.org/glsa/201607-15 http://www.talosintelligence.com/reports/TALOS-2016-0083/ http://www.securitytracker.com/id/1035705 Common Vulnerability Exposure (CVE) ID: CVE-2018-12327 BugTraq ID: 104517 http://www.securityfocus.com/bid/104517 https://www.exploit-db.com/exploits/44909/ https://security.gentoo.org/glsa/201903-15 https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f RedHat Security Advisories: RHSA-2018:3853 https://access.redhat.com/errata/RHSA-2018:3853 RedHat Security Advisories: RHSA-2018:3854 https://access.redhat.com/errata/RHSA-2018:3854 RedHat Security Advisories: RHSA-2019:2077 https://access.redhat.com/errata/RHSA-2019:2077 https://usn.ubuntu.com/4229-1/ |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |