Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2015.149
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-149-1)
Summary:	The remote host is missing an update for the Debian 'ntp' package(s) announced via the DLA-149-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'ntp' package(s) announced via the DLA-149-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9297 Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (ntpd crash). CVE-2014-9298 Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. For Debian 6 Squeeze, these issues have been fixed in ntp version 1:4.2.6.p2+dfsg-1+deb6u2 Affected Software/OS: 'ntp' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9750 BugTraq ID: 72583 http://www.securityfocus.com/bid/72583 CERT/CC vulnerability note: VU#852879 http://www.kb.cert.org/vuls/id/852879 Debian Security Information: DSA-3388 (Google Search) http://www.debian.org/security/2015/dsa-3388 RedHat Security Advisories: RHSA-2015:1459 http://rhn.redhat.com/errata/RHSA-2015-1459.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9751 BugTraq ID: 72584 http://www.securityfocus.com/bid/72584
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.