[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2009:0046 -- centos 5 i386 ntp

ID: oval:org.secpod.oval:def:202000Date: (C)2012-01-31   (M)2022-10-10
Class: PATCHFamily: unix




The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled. All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.

Platform:
CentOS 5
Product:
ntp
Reference:
CESA-2009:0046
CVE-2009-0021
CVE    1
CVE-2009-0021
CPE    4
cpe:/a:ntp:ntp
cpe:/o:centos:centos:5
cpe:/a:ntp:ntp:4.2.0
cpe:/a:ntp:ntp:4.2.2
...

© SecPod Technologies