Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0259-1

Опубликовано: 18 нояб. 2014
Источник: suse-cvrf

Описание

Recommended update for ntp

This update for ntp provides the following fixes:

* Respect NTPD_FORCE_SYNC_ON_STARTUP also for dynamic peers. (bnc#887957) * Fix orphan mode. (bnc#883859)

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3
ntp-4.2.4p8-1.26.1
ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3
ntp-4.2.4p8-1.26.1
ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
ntp-4.2.4p8-1.26.1
ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
ntp-4.2.4p8-1.26.1
ntp-doc-4.2.4p8-1.26.1

Ссылки

Описание

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.26.1
Ссылки

Описание

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.26.1
Ссылки

Описание

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.26.1
Ссылки

Описание

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.26.1
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.26.1
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.26.1
Ссылки

Описание

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.26.1
Ссылки

Описание

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.26.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.26.1
Ссылки
Уязвимость SUSE-SU-2015:0259-1