RedHatRHSA-2009:1040(RHSA-2009:1040) Critical: ntp security update
0.963 High
EPSS
Percentile
99.6%
The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a referenced time source.
A buffer overflow flaw was discovered in the ntpd daemon’s NTPv4
authentication code. If ntpd was configured to use public key cryptography
for NTP packet authentication, a remote attacker could use this flaw to
send a specially-crafted request packet that could crash ntpd or,
potentially, execute arbitrary code with the privileges of the “ntp” user.
(CVE-2009-1252)
Note: NTP authentication is not enabled by default.
A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an ntpq
request that could crash ntpq or, potentially, execute arbitrary code with
the privileges of the user running the ntpq command. (CVE-2009-0159)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will be restarted automatically.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 4 | s390 | ntp | < 4.2.0.a.20040617-8.el4_7.2 | ntp-4.2.0.a.20040617-8.el4_7.2.s390.rpm |
| RedHat | 4 | s390x | ntp | < 4.2.0.a.20040617-8.el4_7.2 | ntp-4.2.0.a.20040617-8.el4_7.2.s390x.rpm |
| RedHat | 4 | src | ntp | < 4.2.0.a.20040617-8.el4_7.2 | ntp-4.2.0.a.20040617-8.el4_7.2.src.rpm |
| RedHat | 4 | x86_64 | ntp | < 4.2.0.a.20040617-8.el4_7.2 | ntp-4.2.0.a.20040617-8.el4_7.2.x86_64.rpm |
| RedHat | 4 | ia64 | ntp | < 4.2.0.a.20040617-8.el4_7.2 | ntp-4.2.0.a.20040617-8.el4_7.2.ia64.rpm |
| RedHat | 4 | i386 | ntp | < 4.2.0.a.20040617-8.el4_7.2 | ntp-4.2.0.a.20040617-8.el4_7.2.i386.rpm |
| RedHat | 4 | ppc | ntp | < 4.2.0.a.20040617-8.el4_7.2 | ntp-4.2.0.a.20040617-8.el4_7.2.ppc.rpm |
Related
