ID de Prueba:	1.3.6.1.4.1.25623.1.0.703388
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 3388-1 (ntp - security update)
Resumen:	Several vulnerabilities were discovered;in the Network Time Protocol daemon and utility programs:;;CVE-2015-5146;A flaw was found in the way ntpd processed certain remote;configuration packets. An attacker could use a specially crafted;package to cause ntpd to crash if:;;ntpd enabled remote configurationThe attacker had the knowledge of the configuration;password...The attacker had access to a computer entrusted to perform remote;configuration;Note that remote configuration is disabled by default in NTP.;;CVE-2015-5194;It was found that ntpd could crash due to an uninitialized;variable when processing malformed logconfig configuration;commands.;;Description truncated. Please see the references for more information.
Descripción:	Summary: Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configurationThe attacker had the knowledge of the configuration password...The attacker had access to a computer entrusted to perform remote configuration Note that remote configuration is disabled by default in NTP. CVE-2015-5194 It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. Description truncated. Please see the references for more information. Affected Software/OS: ntp on Debian Linux Solution: For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6. For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3. For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3. We recommend that you upgrade your ntp packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9750 BugTraq ID: 72583 http://www.securityfocus.com/bid/72583 CERT/CC vulnerability note: VU#852879 http://www.kb.cert.org/vuls/id/852879 Debian Security Information: DSA-3388 (Google Search) http://www.debian.org/security/2015/dsa-3388 RedHat Security Advisories: RHSA-2015:1459 http://rhn.redhat.com/errata/RHSA-2015-1459.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9751 BugTraq ID: 72584 http://www.securityfocus.com/bid/72584 Common Vulnerability Exposure (CVE) ID: CVE-2015-3405 BugTraq ID: 74045 http://www.securityfocus.com/bid/74045 Debian Security Information: DSA-3223 (Google Search) http://www.debian.org/security/2015/dsa-3223 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html http://www.openwall.com/lists/oss-security/2015/04/23/14 RedHat Security Advisories: RHSA-2015:2231 http://rhn.redhat.com/errata/RHSA-2015-2231.html SuSE Security Announcement: SUSE-SU-2015:1173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2015-5146 BugTraq ID: 75589 http://www.securityfocus.com/bid/75589 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html https://security.gentoo.org/glsa/201509-01 http://www.securitytracker.com/id/1034168 Common Vulnerability Exposure (CVE) ID: CVE-2015-5194 BugTraq ID: 76475 http://www.securityfocus.com/bid/76475 http://www.openwall.com/lists/oss-security/2015/08/25/3 RedHat Security Advisories: RHSA-2016:0780 http://rhn.redhat.com/errata/RHSA-2016-0780.html RedHat Security Advisories: RHSA-2016:2583 http://rhn.redhat.com/errata/RHSA-2016-2583.html SuSE Security Announcement: SUSE-SU:2016:1311 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html SuSE Security Announcement: SUSE-SU:2016:1912 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html SuSE Security Announcement: SUSE-SU:2016:2094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html http://www.ubuntu.com/usn/USN-2783-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-5195 BugTraq ID: 76474 http://www.securityfocus.com/bid/76474 Common Vulnerability Exposure (CVE) ID: CVE-2015-5219 BugTraq ID: 76473 http://www.securityfocus.com/bid/76473 SuSE Security Announcement: openSUSE-SU:2016:3280 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html Common Vulnerability Exposure (CVE) ID: CVE-2015-5300 BugTraq ID: 77312 http://www.securityfocus.com/bid/77312 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html FreeBSD Security Advisory: FreeBSD-SA-16:02 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01 https://www.cs.bu.edu/~goldbe/NTPattack.html http://seclists.org/bugtraq/2016/Feb/164 RedHat Security Advisories: RHSA-2015:1930 http://rhn.redhat.com/errata/RHSA-2015-1930.html http://www.securitytracker.com/id/1034670 SuSE Security Announcement: SUSE-SU:2016:1175 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html SuSE Security Announcement: SUSE-SU:2016:1177 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html SuSE Security Announcement: SUSE-SU:2016:1247 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html SuSE Security Announcement: openSUSE-SU:2016:1292 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html SuSE Security Announcement: openSUSE-SU:2016:1423 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7691 BugTraq ID: 77274 http://www.securityfocus.com/bid/77274 https://security.gentoo.org/glsa/201607-15 http://www.securitytracker.com/id/1033951 Common Vulnerability Exposure (CVE) ID: CVE-2015-7692 BugTraq ID: 77285 http://www.securityfocus.com/bid/77285 Common Vulnerability Exposure (CVE) ID: CVE-2015-7701 BugTraq ID: 77281 http://www.securityfocus.com/bid/77281 Common Vulnerability Exposure (CVE) ID: CVE-2015-7702 BugTraq ID: 77286 http://www.securityfocus.com/bid/77286 Common Vulnerability Exposure (CVE) ID: CVE-2015-7703 BugTraq ID: 77278 http://www.securityfocus.com/bid/77278 Common Vulnerability Exposure (CVE) ID: CVE-2015-7704 BugTraq ID: 77280 http://www.securityfocus.com/bid/77280 CERT/CC vulnerability note: VU#718152 https://www.kb.cert.org/vuls/id/718152 https://eprint.iacr.org/2015/1020.pdf RedHat Security Advisories: RHSA-2015:2520 http://rhn.redhat.com/errata/RHSA-2015-2520.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7850 BugTraq ID: 77279 http://www.securityfocus.com/bid/77279 Common Vulnerability Exposure (CVE) ID: CVE-2015-7852 BugTraq ID: 77288 http://www.securityfocus.com/bid/77288 Common Vulnerability Exposure (CVE) ID: CVE-2015-7855 BugTraq ID: 77283 http://www.securityfocus.com/bid/77283 https://www.exploit-db.com/exploits/40840/ Common Vulnerability Exposure (CVE) ID: CVE-2015-7871 BugTraq ID: 77287 http://www.securityfocus.com/bid/77287 https://security.gentoo.org/glsa/201604-03
Copyright	Copyright (C) 2016 Greenbone Networks GmbH http://greenbone.net

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.