[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2009:0046 -- centos 4 s390 ntp

ID: oval:org.secpod.oval:def:200363Date: (C)2012-01-31   (M)2021-06-02
Class: PATCHFamily: unix




The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled. All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.

Platform:
CentOS 4
Product:
ntp
Reference:
CESA-2009:0046
CVE-2009-0021
CVE    1
CVE-2009-0021
CPE    1
cpe:/o:centos:centos:4

© SecPod Technologies