 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.853253 |
| Category: | SuSE Local Security Checks |
| Title: | openSUSE: Security Advisory for ntp (openSUSE-SU-2020:0934-1) |
| Summary: | The remote host is missing an update for the 'ntp'; package(s) announced via the openSUSE-SU-2020:0934-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'ntp' package(s) announced via the openSUSE-SU-2020:0934-1 advisory. Vulnerability Insight: This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-934=1 Affected Software/OS: 'ntp' package(s) on openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-8956 http://www.ntp.org/ https://arxiv.org/abs/2005.01783 https://nikhiltripathi.in/NTP_attack.pdf https://tools.ietf.org/html/rfc5905 SuSE Security Announcement: openSUSE-SU-2020:0934 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html SuSE Security Announcement: openSUSE-SU-2020:1007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html Common Vulnerability Exposure (CVE) ID: CVE-2020-11868 https://security.netapp.com/advisory/ntap-20200424-0002/ https://security.gentoo.org/glsa/202007-12 http://support.ntp.org/bin/view/Main/NtpBug3592 https://bugzilla.redhat.com/show_bug.cgi?id=1716665 https://www.oracle.com//security-alerts/cpujul2021.html https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2020-13817 https://security.netapp.com/advisory/ntap-20200625-0004/ http://support.ntp.org/bin/view/Main/NtpBug3596 https://bugs.ntp.org/show_bug.cgi?id=3596 https://www.oracle.com/security-alerts/cpujan2022.html Common Vulnerability Exposure (CVE) ID: CVE-2020-15025 https://security.netapp.com/advisory/ntap-20200702-0002/ https://bugs.gentoo.org/729458 https://support.ntp.org/bin/view/Main/NtpBug3661 https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea https://www.oracle.com/security-alerts/cpujan2021.html |
| Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |