Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0259-2

Опубликовано: 22 нояб. 2012
Источник: suse-cvrf

Описание

Recommended update for ntp

This collective update for the Network Time Protocol daemon (ntp) provides fixes for the following reports:

* 758253: ntp fails if a host has more than 1024 IP addresses * 771480: sntp not able to sync against Windows ntp server.

Список пакетов

SUSE Linux Enterprise Server 11 SP2
ntp-4.2.4p8-1.20.1
ntp-doc-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2-LTSS
ntp-4.2.4p8-1.20.1
ntp-doc-4.2.4p8-1.20.1
SUSE Linux Enterprise Server for SAP Applications 11 SP2
ntp-4.2.4p8-1.20.1
ntp-doc-4.2.4p8-1.20.1

Ссылки

Описание

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-doc-4.2.4p8-1.20.1
Ссылки

Описание

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-doc-4.2.4p8-1.20.1
Ссылки

Описание

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-doc-4.2.4p8-1.20.1
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-doc-4.2.4p8-1.20.1
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-4.2.4p8-1.20.1
SUSE Linux Enterprise Server 11 SP2:ntp-doc-4.2.4p8-1.20.1
Ссылки
Уязвимость SUSE-SU-2015:0259-2